Overview
Remote
Depends on Experience
Contract - W2
Contract - 5 Month(s)
Skills
Cybersecurity
Fortify
Black Duck
Acunetix
Tenable
Job Details
Position: Senior Cybersecurity/Security Risk Engineer
Location: Remote
Job Type: Contract
Duration: 5 months to start
Job Description
The role includes performing threat modeling, risk assessments, and security testing (penetration testing, SAST, DAST, code reviews, fuzzing), while guiding both project teams and senior leadership, especially during incident response and post-market reviews. Prior experience in healthcare-related Secure SDLC, familiarity with regulatory frameworks (e.g., GDPR, HIPAA, NIST, ISO 27000), and certifications like CISSP or CSSLP are highly valued.
Tasks & Responsibilities
- Apply industry-leading cyber security and privacy practices and standards to the digital product portfolio, including cloud, IoT, software, and mobile solutions.
- Perform cyber security risk management, including threat modeling, to ensure security and privacy by design and by default.
- Assist the project teams with technical security- and privacy-related guidance.
- Perform / organize security assurance activities, such as penetration testing, vulnerability assessment, static code analysis, fuzzing, and (code) reviews.
- Perform post-market vulnerability assessments and support incident response activities.
- Collaborate with cross-functional teams at the project level.
- Support and advise senior management regarding cyber security and privacy risks.
Requirements
- Academic degree in computer science, information technology, IT security, or a related technical field
- Several years of experience in secure software development lifecycle (SDLC) activities, preferably within the healthcare industry
- Good knowledge of conducting security risk assessments, including threat modeling.
- Familiar with DevOps, IT security, cryptography, and Secure SDLC activities
- Hands-on experience with SAST, DAST, (code) reviews, penetration testing, and cloud solutions
- Experience in complying with cyber security and data privacy regulations, frameworks, and guidelines such as GDPR, HIPAA, MDR, FDA, NIST CSF, ISO 27k, CIS Controls, NIST SP 800-series, OWASP ASVS/MASVS or similar is desirable.
- Professional certifications such as CSSLP, CISSP, or others would be a plus.
- Experience in working in international teams.
- Fluent in written and spoken English.