Core Responsibilities of this Job are:

• Conduct threat modeling during the development of products.
• Advise on cybersecurity risks associated with mobile and cloud-based product development.
• Ensure development teams align with industry cybersecurity standards and requirements.
• Analyze cybersecurity testing results to assess product security posture.
• Guide teams in prioritizing and remediating identified security vulnerabilities.
• Communicate significant product security concerns to leadership as needed.

 About You:

• 5+ years in a technical advisory role within cybersecurity or as a product engineer with a cybersecurity focus.
• Professional experience in one or more of the following areas:
• Cloud-native application architecture and security design
• Mobile application architecture and security design
• Cloud computing architecture and security design
• Experience conducting cyber threat modeling using frameworks such as STRIDE or PASTA.
• Adept at aligning security best practices with continuous integration and delivery frameworks
• Strong grasp of information security principles and defense-in-depth strategies.
• Proven ability to influence without authority and build strong cross-functional relationships.
• Ability to balance business risk and cybersecurity risk.
• Excellent verbal and written communication skills tailored to both technical and non-technical   audiences.
• Familiarity with medical device cybersecurity frameworks is preferred. 
• Validate the implementation and governance of controls related to identity provider (IdP) configuration and federation protocols (e.g., SAML, OIDC).
• Evaluate the design and implementation of authorization models, including role-based (RBAC), attribute-based (ABAC), and policy-based access controls (PBAC).
• Determine the strength and efficiency of security controls governing password requirements, multi-factor authentication (MFA), and adaptive authentication for both consumer-facing access and internal platform operations.
• Assess API security, token management, and secure system integrations used for CIAM, including third-party integrations.
• Review user lifecycle automation processes, including provisioning, deprovisioning, and account synchronization.