Principal Product Security Cloud Engineer

About

This role is responsible for leading cloud and product security initiatives, ensuring secure design, compliance, and risk mitigation across connected medical device ecosystems.

Day-to-Day Responsibilities

• Develop and maintain product security documentation (threat models, risk assessments, SBOM, etc.)
• Design and implement cloud security controls within Azure environments
• Collaborate with engineering teams to integrate security into DevOps/CI-CD pipelines
• Perform security risk assessments for cloud and application infrastructure
• Define and enforce cryptographic standards (PKI, encryption, key management)
• Support regulatory submissions with security documentation (FDA, etc.)
• Conduct vulnerability management, including SAST, SCA, and penetration testing coordination
• Implement secure device-to-cloud communication (IoT security, Zero Trust, mTLS)
• Monitor post-market vulnerabilities and support remediation efforts

Requirements

Must-Haves

• Strong experience with Microsoft Azure and cloud security architecture
• Hands-on experience with threat modeling, risk assessments, and security documentation
• Deep understanding of PKI, encryption, and certificate management
• Experience in medical device or regulated environments
• Knowledge of security tools (e.g., Snyk, Veracode, Wiz)
• Experience working in DevSecOps / Agile environments
• Familiarity with compliance frameworks (NIST, ISO 27001, SOC2, HIPAA, etc.)
• Experience securing IoT or device-to-cloud systems
• Strong communication and cross-functional collaboration skills

Nice-to-Haves

• Experience with FDA regulatory submissions
• Knowledge of containerization (Docker, Kubernetes)
• Experience with Zero Trust architecture and cloud HSMs