Cyber Security Engineering Consultant (Digital Solutions)

220 - 280 PLN/hour, B2B (net)
Senior · Full-time · B2B
#349257 · Added yesterday
Source: nofluffjobs.com

Tech Stack / Keywords

Azure

Company and position

The Cyber Security Engineering Consultant is responsible for delivering end-to-end product security engineering capabilities across digital products, aligned with regulatory requirements and secure SDLC practices. The role is outcome-based, requiring independent execution and delivery of structured cybersecurity artifacts across product lifecycle stages.


Requirements

  • 5+ years of experience in product security, application security, cloud security architecture, and DevSecOps
  • Strong hands-on experience with STRIDE threat modeling, secure architecture reviews, cloud security on Azure, Kubernetes and container security, CI/CD security integration
  • Experience implementing secure SDLC practices in enterprise environments
  • Strong understanding of OWASP Top 10 / ASVS, ISO 27001, NIST Cybersecurity Framework, secure software engineering principles
  • Experience working in regulated industries, preferably medical devices or healthcare
  • Excellent documentation and communication skills
  • Ability to work independently in an advisory and consulting capacity

Nice to have:

  • Degree in Cybersecurity, Computer Science, Engineering, or related field
  • Certifications such as CISSP, CSSLP, OSCP, DevSecOps certifications, ISO 27001 / Risk Management certifications

Responsibilities

Threat Modeling & Secure Architecture:

  • Conduct STRIDE-based threat modeling for applications, cloud-native platforms, AI/ML systems, and CI/CD pipelines
  • Create and analyze Data Flow Diagrams (DFDs)
  • Identify trust boundaries, attack surfaces, and potential security risks
  • Develop and maintain threat registers including risk likelihood, impact assessments, and mitigation strategies
  • Design secure architectures for cloud-native systems, APIs and microservices, AI/ML-enabled platforms
  • Assess risks related to model poisoning, data leakage, pipeline compromise

Security Requirements & Secure Design:

  • Develop Product Security Requirements Specifications (PSRS)
  • Translate regulatory and compliance requirements into actionable technical security controls
  • Perform secure architecture reviews and design validations
  • Define security controls across Identity & Access Management (IAM), cryptography, logging & monitoring, system resilience
  • Perform SBOM (Software Bill of Materials) analysis and risk evaluation

Risk Management & Regulatory Compliance:

  • Conduct security risk assessments using frameworks such as ISO 14971 and NIST
  • Perform CVSS-based vulnerability scoring
  • Maintain and manage risk registers
  • Support risk-benefit analysis activities
  • Prepare and maintain cybersecurity documentation for audits and regulatory reviews

Vulnerability Management & Post-Market Security:

  • Monitor threat intelligence and emerging vulnerabilities
  • Conduct vulnerability impact analysis
  • Support PSIRT processes and incident response activities
  • Contribute to post-market cybersecurity surveillance activities
  • Provide cybersecurity advisory support to engineering and product teams

DevSecOps & Secure SDLC:

  • Integrate security controls into CI/CD pipelines (Azure DevOps, GitLab)
  • Implement and govern security tooling including SAST, DAST, SCA, IaC scanning
  • Define policies-as-code and automated security gates
  • Support Kubernetes and container security initiatives
  • Drive secure SDLC maturity improvements across teams

Other information

This is a remote position with travel to Germany once a month.

VIRTUSA
