Cyber Security Engineer

Position: Cyber Security Engineer

Experience Range: 3 to 5 yrs

Job Location: Bangalore

Work Mode: Hybrid (3 days in the office, 2 days remote)

Job Summary

Anumana is seeking a skilled and motivated Cybersecurity Engineer to ensure the security, integrity, and compliance of our Software as a Medical Device (SaaMD) products. This position is critical in maintaining our adherence to global security standards and regulations, specifically ISO/IEC 27001, ISO/IEC 27002, and ISO 13485.

You will play a key role in implementing and monitoring security controls throughout the software development lifecycle while ensuring that our systems meet the highest standards of security and quality. Additionally, you will support audits, create threat models, conduct penetration testing, and produce comprehensive reports.

Key Responsibilities:

Security Control Implementation

- Design, implement, and monitor security controls within the SaaMD development lifecycle.
- Ensure security controls align with ISO/IEC 27001, 27002, and ISO 13485 standards.
- Collaborate with software development teams to integrate security best practices throughout the development pipeline.
- Provide guidance on secure coding practices, vulnerability management, and secure software development principles.
- Maintain a risk-based approach to security, identifying potential threats and vulnerabilities early in the development lifecycle.

Compliance & Audit Support

- Provide evidence of implemented controls and participate in internal and external audits for ISO/IEC 27001 and 27002.
- Collaborate with Quality and Regulatory teams to ensure ongoing compliance with ISO 13485.
- Develop and maintain documentation, policies, and procedures to demonstrate compliance with relevant standards.
- Implement and manage a robust change management and documentation process to align with audit requirements.

Threat Modeling & Penetration Testing

- Create, maintain, and refine threat models to identify security vulnerabilities, using tools like LucidChart.
- Conduct penetration testing and security assessments using tools such as BurpSuite, nmap, Wireshark, and Deptrack.
- Regularly perform static and dynamic analysis to identify potential vulnerabilities in the software.

Vulnerability Management

- Conduct vulnerability scans and assessments using tools like Grype, Dockle, and Trivy.
- Work with development teams to triage and prioritize vulnerabilities for remediation.
- Track and document vulnerabilities through their lifecycle from identification to resolution.
- Develop and maintain a comprehensive vulnerability management process, including reporting metrics and key performance indicators (KPIs).

Reporting & Communication

- Create detailed security assessment and penetration testing reports, including actionable remediation recommendations.
- Communicate findings and collaborate with cross-functional teams to ensure vulnerabilities are addressed.
- Provide regular updates to management on security posture, vulnerability trends, and remediation efforts.

Security Awareness & Training

- Contribute to the development and delivery of security awareness training for software development teams.
- Advocate for a culture of security within the organization, promoting adherence to security best practices.

Preferred:

- Professional certifications such as CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer.
- Experience in security in highly regulated environments, especially SaaMD or healthcare applications.
- Knowledge of risk management frameworks (NIST, HITRUST) and cybersecurity standards.
- Experience with Continuous Integration/Continuous Deployment (CI/CD) pipelines and DevOps environments.

Required Qualification:

- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 3+ years of experience in cybersecurity engineering, preferably within the medical device or healthcare sector.
- In-depth knowledge of ISO/IEC 27001, 27002, and ISO 13485 standards and requirements.
- Experience with threat modeling and penetration testing methodologies and tools (e.g., BurpSuite, nmap, Wireshark, LucidChart).
- Hands-on experience with vulnerability assessment tools such as Grype, Dockle, Trivy, and Deptrack.
- Strong understanding of secure software development practices, including secure coding and DevSecOps principles.
- Experience in providing evidence for security audits and ensuring regulatory compliance.
- Familiarity with cloud security best practices, container security, and modern development environments (e.g., Docker, Kubernetes).