Cyber Security Engineering Consultant (Digital Solutions)

9 355 - 11 906 USD Net per month - B2B
Security

Kraków +4 Locations

ITMAGINATION

Full-time
B2B
Senior
Remote

Job description

This is a remote position.

The Cyber Security Engineering Consultant is responsible for delivering end-to-end product security engineering capabilities across digital products, aligned with regulatory requirements and secure SDLC practices. The role is outcome-based, requiring independent execution and delivery of structured cybersecurity artifacts across product lifecycle stages.

This is a remote position with travel to Germany once a month.

Responsibilities:

Threat Modeling & Secure Architecture

  • Conduct STRIDE-based threat modeling for applications, cloud-native platforms, AI/ML systems, and CI/CD pipelines

  • Create and analyze Data Flow Diagrams (DFDs)

  • Identify trust boundaries, attack surfaces, and potential security risks

  • Develop and maintain threat registers including risk likelihood, impact assessments, and mitigation strategies

  • Design secure architectures for:

    • Cloud-native systems

    • APIs and microservices

    • AI/ML-enabled platforms

  • Assess risks related to:

    • Model poisoning

    • Data leakage

    • Pipeline compromise

Security Requirements & Secure Design

  • Develop Product Security Requirements Specifications (PSRS)

  • Translate regulatory and compliance requirements into actionable technical security controls

  • Perform secure architecture reviews and design validations

  • Define security controls across:

    • Identity & Access Management (IAM)

    • Cryptography

    • Logging & monitoring

    • System resilience

  • Perform SBOM (Software Bill of Materials) analysis and risk evaluation

Risk Management & Regulatory Compliance

  • Conduct security risk assessments using frameworks such as ISO 14971 and NIST

  • Perform CVSS-based vulnerability scoring

  • Maintain and manage risk registers

  • Support risk-benefit analysis activities

  • Prepare and maintain cybersecurity documentation for audits and regulatory reviews

Vulnerability Management & Post-Market Security

  • Monitor threat intelligence and emerging vulnerabilities

  • Conduct vulnerability impact analysis

  • Support PSIRT processes and incident response activities

  • Contribute to post-market cybersecurity surveillance activities

  • Provide cybersecurity advisory support to engineering and product teams

DevSecOps & Secure SDLC

  • Integrate security controls into CI/CD pipelines (Azure DevOps, GitLab)

  • Implement and govern security tooling including:

    • SAST

    • DAST

    • SCA

    • IaC scanning

  • Define policies-as-code and automated security gates

  • Support Kubernetes and container security initiatives

  • Drive secure SDLC maturity improvements across teams

Stakeholder Collaboration & Enablement

  • Collaborate with engineering, product, regulatory, and leadership stakeholders

  • Deliver security awareness workshops and enablement sessions

  • Prepare executive-level reporting and security metrics

  • Support development of long-term cybersecurity roadmaps and strategic initiatives

Requirements

  • 5+ years of experience in:

    • Product Security

    • Application Security

    • Cloud Security Architecture

    • DevSecOps

  • Strong hands-on experience with:

    • STRIDE threat modeling

    • Secure architecture reviews

    • Cloud security on Azure

    • Kubernetes and container security

    • CI/CD security integration

  • Experience implementing secure SDLC practices in enterprise environments

  • Strong understanding of:

    • OWASP Top 10 / ASVS

    • ISO 27001

    • NIST Cybersecurity Framework

    • Secure software engineering principles

  • Experience working in regulated industries, preferably medical devices or healthcare

  • Excellent documentation and communication skills

  • Ability to work independently in an advisory and consulting capacity

Technical Stack

Cloud & Infrastructure

  • Azure (mandatory)

  • AWS / GCP (nice to have)

  • Docker

  • Kubernetes

CI/CD & DevSecOps

  • Azure DevOps

  • GitLab

Security Tooling

  • SAST: Fortify or similar

  • DAST: Seeker, Burp Suite

  • SCA: Black Duck or equivalent

  • IaC scanning: Checkov

  • Threat modeling tools

Regulatory & Security Standards

Experience with the following is highly desirable:

  • ISO/IEC 27001

  • ISO 14971

  • FDA cybersecurity guidance

  • MDR

  • EU CRA

  • NIS2

Nice to have:

  • Degree in Cybersecurity, Computer Science, Engineering, or related field

  • Certifications such as:

    • CISSP

    • CSSLP

    • OSCP

    • DevSecOps certifications

    • ISO 27001 / Risk Management certifications

Tech stack

  • Security: advanced

  • CI/CD: advanced

  • STRIDE: advanced

  • Azure: advanced

  • Kubernetes: advanced

  • Cybersecurity: advanced
