NoFluffJobs Remote work Senior New

Cyber Security Engineering Consultant (Digital Solutions)

VIRTUSA

⚲ Remote

36 960 - 47 040 PLN (B2B)

Requirements

  • Azure

Job description

About the project:

The Cyber Security Engineering Consultant is responsible for delivering end-to-end product security engineering capabilities across digital products, aligned with regulatory requirements and secure SDLC practices. The role is outcome-based, requiring independent execution and delivery of structured cybersecurity artifacts across product lifecycle stages. This is a remote position with travel to Germany once a month.

Requirements:

  • 5+ years of experience in:
      • Product Security
      • Application Security
      • Cloud Security Architecture
      • DevSecOps
  • Strong hands-on experience with:
      • STRIDE threat modeling
      • Secure architecture reviews
      • Cloud security on Azure
      • Kubernetes and container security
      • CI/CD security integration
  • Experience implementing secure SDLC practices in enterprise environments
  • Strong understanding of:
      • OWASP Top 10 / ASVS
      • ISO 27001
      • NIST Cybersecurity Framework
      • Secure software engineering principles
  • Experience working in regulated industries, preferably medical devices or healthcare
  • Excellent documentation and communication skills
  • Ability to work independently in an advisory and consulting capacity

Technical Stack

Cloud & Infrastructure:

  • Azure (mandatory)
  • AWS / GCP (nice to have)
  • Docker
  • Kubernetes

CI/CD & DevSecOps:

  • Azure DevOps
  • GitLab

Security Tooling:

  • SAST: Fortify or similar
  • DAST: Seeker, Burp Suite
  • SCA: Black Duck or equivalent
  • IaC scanning: Checkov
  • Threat modeling tools

Regulatory & Security Standards

Experience with the following is highly desirable:

  • ISO/IEC 27001
  • ISO 14971
  • FDA cybersecurity guidance
  • MDR
  • EU CRA
  • NIS2

Nice to have:

  • Degree in Cybersecurity, Computer Science, Engineering, or related field
  • Certifications such as:
      • CISSP
      • CSSLP
      • OSCP
      • DevSecOps certifications
      • ISO 27001 / Risk Management certifications

Daily tasks:

Threat Modeling & Secure Architecture

  • Conduct STRIDE-based threat modeling for applications, cloud-native platforms, AI/ML systems, and CI/CD pipelines
  • Create and analyze Data Flow Diagrams (DFDs)
  • Identify trust boundaries, attack surfaces, and potential security risks
  • Develop and maintain threat registers including risk likelihood, impact assessments, and mitigation strategies
  • Design secure architectures for:
      • Cloud-native systems
      • APIs and microservices
      • AI/ML-enabled platforms
  • Assess risks related to:
      • Model poisoning
      • Data leakage
      • Pipeline compromise

Security Requirements & Secure Design

  • Develop Product Security Requirements Specifications (PSRS)
  • Translate regulatory and compliance requirements into actionable technical security controls
  • Perform secure architecture reviews and design validations
  • Define security controls across:
      • Identity & Access Management (IAM)
      • Cryptography
      • Logging & monitoring
      • System resilience
  • Perform SBOM (Software Bill of Materials) analysis and risk evaluation

Risk Management & Regulatory Compliance

  • Conduct security risk assessments using frameworks such as ISO 14971 and NIST
  • Perform CVSS-based vulnerability scoring
  • Maintain and manage risk registers
  • Support risk-benefit analysis activities
  • Prepare and maintain cybersecurity documentation for audits and regulatory reviews

Vulnerability Management & Post-Market Security

  • Monitor threat intelligence and emerging vulnerabilities
  • Conduct vulnerability impact analysis
  • Support PSIRT processes and incident response activities
  • Contribute to post-market cybersecurity surveillance activities
  • Provide cybersecurity advisory support to engineering and product teams

DevSecOps & Secure SDLC

  • Integrate security controls into CI/CD pipelines (Azure DevOps, GitLab)
  • Implement and govern security tooling including:
      • SAST
      • DAST
      • SCA
      • IaC scanning
  • Define policies-as-code and automated security gates
  • Support Kubernetes and container security initiatives
  • Drive secure SDLC maturity improvements across teams

Stakeholder Colla