Posted on: 07/11/2025
Position : Cyber Security Engineer
Experience : 3-5 Years
Location : Bangalore
About the Role :
We are looking for a dynamic and results-driven Cybersecurity Engineer to strengthen the security foundation of our Software as a Medical Device (SaaMD) products.
In this role, you will take ownership of safeguarding our platforms by designing, implementing, and continuously improving security controls that meet the highest global standards: ISO/IEC 27001, ISO/IEC 27002, and ISO 13485.
You'll work at the intersection of technology, compliance, and innovation, driving secure product development, leading vulnerability assessments, and ensuring regulatory alignment across every layer of our software ecosystem.
Key Responsibilities :
Security Architecture & Control Implementation :
- Design and operationalize end-to-end security controls across the SaaMD lifecycle.
- Embed security practices within CI/CD pipelines, ensuring security by design across all stages of development.
- Partner closely with engineering teams to enforce secure coding standards and DevSecOps best practices.
- Anticipate risks early by implementing threat detection, mitigation, and risk-based prioritization strategies.
Compliance & Audit Excellence :
- Serve as the key point of contact for ISO 27001/27002 and ISO 13485 audits.
- Build and maintain audit-ready documentation, policies, and control evidence.
- Collaborate with Quality and Regulatory teams to ensure continuous compliance with global standards.
- Strengthen governance by leading change management and documentation processes aligned with audit protocols.
Threat Modeling & Penetration Testing :
- Develop and refine threat models to proactively identify potential attack surfaces (using LucidChart or similar tools).
- Conduct penetration tests and deep-dive security assessments using tools like BurpSuite, Wireshark, nmap, and Deptrack.
- Perform static and dynamic code analysis to identify vulnerabilities before release.
Vulnerability Management & Risk Reduction :
- Run continuous vulnerability scans using Grype, Trivy, and Dockle, ensuring quick detection and remediation.
- Partner with development teams to triage and resolve vulnerabilities based on severity and business impact.
- Maintain detailed vulnerability lifecycle tracking and produce executive-level dashboards and metrics.
- Establish a proactive vulnerability management framework that drives measurable reduction in security risks.
Reporting, Communication & Collaboration :
- Deliver comprehensive security assessment reports with clear remediation paths.
- Translate technical risks into business-relevant insights for leadership teams.
- Regularly brief management on security posture, trends, and KPIs, highlighting progress and gaps.
Security Awareness & Culture Building :
- Lead security awareness initiatives for engineering and product teams.
- Champion a security-first mindset, driving cross-functional ownership of cybersecurity excellence.
Required Qualifications :
- Bachelor's degree in Computer Science, Information Security, or related discipline.
- 3+ years of hands-on experience in cybersecurity engineering, preferably in healthcare or SaaMD environments.
- Strong expertise in ISO/IEC 27001, 27002, and ISO 13485 frameworks.
- Proven experience with threat modeling, penetration testing, and vulnerability assessment tools (e.g., BurpSuite, nmap, Wireshark, Trivy, Dockle, LucidChart).
- Deep understanding of secure SDLC, DevSecOps, cloud security, and containerization technologies (Docker, Kubernetes).
- Demonstrated success in security audit participation and regulatory compliance documentation.
Preferred Qualifications :
- Certifications such as CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer.
- Experience in highly regulated industries such as medical devices, healthcare, or pharmaceuticals.
- Familiarity with risk management frameworks (NIST, HITRUST) and security automation within CI/CD pipelines.
- Strong communication and cross-functional collaboration skills to influence teams and stakeholders.
Why Join Us :
- Be part of a mission-driven organization building products that impact lives.
- Drive security innovation in a domain where precision, compliance, and reliability are non-negotiable.
- Work with cutting-edge tools and technologies in a hybrid, collaborative environment.
- Take end-to-end ownership of cybersecurity excellence, from design to delivery.
Posted in : CyberSecurity
Functional Area : Cyber Security
Job Code : 1570901