The Cyber Security Engineering Consultant is responsible for delivering end-to-end product security engineering capabilities across digital products, aligned with regulatory requirements and secure SDLC practices. The role is outcome-based, requiring independent execution and delivery of structured cybersecurity artifacts across product lifecycle stages.
This is a remote position with travel to Germany once a month.
Responsibilities:
Threat Modeling & Secure Architecture
- Conduct STRIDE-based threat modeling for applications, cloud-native platforms, AI/ML systems, and CI/CD pipelines
- Create and analyze Data Flow Diagrams (DFDs)
- Identify trust boundaries, attack surfaces, and potential security risks
- Develop and maintain threat registers including risk likelihood, impact assessments, and mitigation strategies
- Design secure architectures for:
  - Cloud-native systems
  - APIs and microservices
  - AI/ML-enabled platforms
- Assess risks related to:
  - Model poisoning
  - Data leakage
  - Pipeline compromise
Security Requirements & Secure Design
- Develop Product Security Requirements Specifications (PSRS)
- Translate regulatory and compliance requirements into actionable technical security controls
- Perform secure architecture reviews and design validations
- Define security controls across:
  - Identity & Access Management (IAM)
  - Cryptography
  - Logging & monitoring
  - System resilience
- Perform SBOM (Software Bill of Materials) analysis and risk evaluation
Risk Management & Regulatory Compliance
- Conduct security risk assessments using frameworks such as ISO 14971 and NIST
- Perform CVSS-based vulnerability scoring
- Maintain and manage risk registers
- Support risk-benefit analysis activities
- Prepare and maintain cybersecurity documentation for audits and regulatory reviews
Vulnerability Management & Post-Market Security
- Monitor threat intelligence and emerging vulnerabilities
- Conduct vulnerability impact analysis
- Support PSIRT processes and incident response activities
- Contribute to post-market cybersecurity surveillance activities
- Provide cybersecurity advisory support to engineering and product teams
DevSecOps & Secure SDLC
- Integrate security controls into CI/CD pipelines (Azure DevOps, GitLab)
- Implement and govern security tooling including:
- Define policies-as-code and automated security gates
- Support Kubernetes and container security initiatives
- Drive secure SDLC maturity improvements across teams
Stakeholder Collaboration & Enablement
- Collaborate with engineering, product, regulatory, and leadership stakeholders
- Deliver security awareness workshops and enablement sessions
- Prepare executive-level reporting and security metrics
- Support development of long-term cybersecurity roadmaps and strategic initiatives
Requirements
Technical Stack
Cloud & Infrastructure
- Azure (mandatory)
- AWS / GCP (nice to have)
- Docker
- Kubernetes
CI/CD & DevSecOps
Security Tooling
- SAST: Fortify or similar
- DAST/IAST: Burp Suite (DAST), Seeker (IAST)
- SCA: Black Duck or equivalent
- IaC scanning: Checkov
- Threat modeling tools
Regulatory & Security Standards
Experience with the following is highly desirable:
- ISO/IEC 27001
- ISO 14971
- FDA cybersecurity guidance
- MDR (EU Medical Device Regulation)
- EU CRA (Cyber Resilience Act)
- NIS2
Nice to have:
- Degree in Cybersecurity, Computer Science, Engineering, or related field
- Certifications such as:
  - CISSP
  - CSSLP
  - OSCP
  - DevSecOps certifications
  - ISO 27001 / Risk Management certifications