Job Description :

We have immediate positions with our client and are looking for Senior Cybersecurity Cloud Engineer with good HIPAA understanding

Cybersecurity Cloud Engineer


  • Analyze the attack surface, create threat models and risk assessments for medical devices and decision support products in the cloud and on-premises.
  • Define adequate cybersecurity and data privacy controls that mitigate the identified risks appropriately and in alignment with client’s security architecture guidelines.
  • Provide service for Cyber Security related Product Risk Management activities, including risk identification, risk rating, selection and verification of risk mitigation and assessment of residual risks.
  • Contribute to the development and implementation of security and privacy risk controls and insights across the product lifecycle.
  • Manage vulnerabilities at all technology layers during the development phase and support product team in analyzing and remediating of vulnerabilities for products in operation.
  • Evangelize security and privacy, developing Security Champions across departments involved in the product development and operations activities.
  • Generate security and privacy related documentation with high quality for internal and external compliance.
  • Maintain the product security controls and awareness supporting other areas (Security Architecture, Cyber Defense Intelligence and Compliance).
  • Conduct planning and execution of 3rd party review / penetration testing activities related to security and software architecture.




  • Bachelor or Master degree in Information Systems, Computer Science, Cyber Security or a relevant area of study required
  • Minimum 3 years of related work experience in Security Engineering, Privacy & Risk Management
  • Minimum 3 years of related work experience with SDLC and cloud environments
  • Demonstrated soft skills: problem solving, leadership, communication, teamwork, flexibility and adaptability.
  • Demonstrated experience in AWS cloud security
  • Demonstrated experience in application security and OWASP framework
  • In-depth experience in analyzing product threat landscape, threat modelling and defining adequate security and data privacy controls to mitigate risks
  • In-depth experience in vulnerability handling pre and post-market
  • In-depth experience in system and cloud infrastructure hardening
  • Strong understanding of HIPAA and GDPR
  • Strong understanding of industry standards: ISO 27000 family, NIST and HITRUST
  • Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others) , CEH, CISSP, CSSP, CISA, CISM,  ISO27001 Lead Auditor.

Similar Jobs you may be interested in ..