Cybersecurity Cloud Engineer Inbox

[Goutham t]

Job Title: Cybersecurity Cloud Engineer

 

Location: Remote

 

Duration: Long-Term

 

 

 

• Analyze the attack surface, create threat models and risk assessments for medical devices and decision support products in the cloud and on-premises.
• Define adequate cybersecurity and data privacy controls that mitigate the identified risks appropriately and in alignment with client’s security architecture guidelines.
• Provide service for Cyber Security related Product Risk Management activities, including risk identification, risk rating, selection and verification of risk mitigation and assessment of residual risks.
• Contribute to the development and implementation of security and privacy risk controls and insights across the product lifecycle.
• Manage vulnerabilities at all technology layers during the development phase and support product team in analyzing and remediating of vulnerabilities for products in operation.
• Evangelize security and privacy, developing Security Champions across departments involved in the product development and operations activities.
• Generate security and privacy related documentation with high quality for internal and external compliance.
• Maintain the product security controls and awareness supporting other areas (Security Architecture, Cyber Defense Intelligence and Compliance).
• Conduct planning and execution of 3rd party review / penetration testing activities related to security and software architecture.

 

 

 

Mandatory:

 

• Bachelor or Master degree in Information Systems, Computer Science, Cyber Security or a relevant area of study required
• Minimum 3 years of related work experience in Security Engineering, Privacy & Risk Management
• Minimum 3 years of related work experience with SDLC and cloud environments
• Demonstrated soft skills: problem solving, leadership, communication, teamwork, flexibility and adaptability.
• Demonstrated experience in AWS cloud security
• Demonstrated experience in application security and OWASP framework
• In-depth experience in analyzing product threat landscape, threat modelling and defining adequate security and data privacy controls to mitigate risks
• In-depth experience in vulnerability handling pre and post-market
• In-depth experience in system and cloud infrastructure hardening
• Strong understanding of HIPAA and GDPR
• Strong understanding of industry standards: ISO 27000 family, NIST and HITRUST
• Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others) , CEH, CISSP, CSSP, CISA, CISM,  ISO27001 Lead Auditor.