Cloud Security Engineer / Cloud Security Analyst - Neuro
Oakville, Canada (Hybrid)
Job Summary:
We are seeking a Cloud Security Engineer with deep expertise in implementing comprehensive cybersecurity controls for medical devices throughout their product lifecycle. This role will focus on identifying security risks, implementing secure configurations, and ensuring the safety of medical devices across cloud environments. You will work closely with development teams to ensure security from design through deployment, utilizing threat modeling (STRIDE), vulnerability management tools like Tenable Nessus, and monitoring with Microsoft Sentinel and Defender for Cloud. Additionally, you will leverage secure code scanning tools for Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST). Proficiency in secure coding, input validation, robustness testing, and penetration testing is essential, along with a deep understanding of secure configurations for Microsoft Azure.
Industry-Specific Challenges:
This role involves addressing unique challenges within the healthcare and medical device industry, including managing the cybersecurity of legacy devices that may not have been designed with modern security standards and supporting the digital transformation of products from on-premises to cloud-based environments. You will work to secure both older devices and new cloud-native applications, ensuring a seamless and secure transition to modern infrastructures and technologies.
Key Responsibilities:
- Collaborate with development teams to define, implement, and maintain security requirements for medical device applications throughout the product lifecycle.
- Perform threat modeling using STRIDE and other methodologies to identify and mitigate security risks.
- Utilize SCA, SAST, and DAST tools to analyze code and detect vulnerabilities across software components, ensuring secure development practices.
- Conduct input validation, robustness testing, and penetration testing to ensure medical device applications are resilient against attacks.
- Implement and monitor cybersecurity controls using vulnerability management tools (e.g., Tenable Nessus) and web application scanning solutions.
- Oversee security operations with Microsoft Sentinel and Defender for Cloud, ensuring continuous monitoring, incident detection, and response.
- Ensure secure configurations for Microsoft Azure environments, maintaining compliance with security best practices and regulatory requirements.
- Review country-specific market authorization product registration requirements and cybersecurity documentation for compliance with international standards and regulations.
- Respond to, triage, and investigate external product security signals to assess risks and ensure timely remediation.
- Assist in completing customer risk assessments and responding to security-related questionnaires about company products and practices.
- Develop and maintain high-quality security documentation, including risk assessments, security design controls, and guidelines for both internal teams and external stakeholders.
- Support secure coding practices by collaborating with cross-functional teams to implement system hardening guidelines and vulnerability management strategies.
- Stay current with emerging security threats, vulnerabilities, and cloud security trends, continuously enhancing the security posture of medical devices.
Required Qualifications:
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- Strong coding background with a deep understanding of secure coding principles, software development practices, and application security testing.
- Experience with SCA, SAST, and DAST tools for secure code scanning and vulnerability identification.
- Proficient in input validation, robustness testing, and penetration testing for applications (highly preferred in medical device applications).
- Strong knowledge of Microsoft Azure security configurations and cloud security practices.
- Hands-on experience with vulnerability management tools (e.g., Tenable Nessus) and web application security testing.
- Proficiency with Microsoft Sentinel and Defender for Cloud for security monitoring and incident management.
- Familiarity with medical device regulatory or industry standards (HIPAA, FDA, SOC2, HITRUST, ISO27001) and secure product development frameworks.
- Excellent documentation and communication skills, with the ability to present complex security concepts clearly to technical and non-technical stakeholders.
- Ability to collaborate effectively in cross-functional teams and support secure product development from concept to post-launch.
Preferred Certifications (not required):
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Certified Ethical Hacker (CEH)
- Microsoft Certified: Azure Security Engineer Associate
- GIAC Certified Penetration Tester (GPEN) or equivalent penetration testing certification
- Certified Secure Software Lifecycle Professional (CSSLP)
- CompTIA Security+ or CompTIA CySA+
This role provides an exciting opportunity to contribute to the cybersecurity of innovative medical device technologies, ensuring both patient safety and data protection across cloud-based environments.
Compensation and Benefits: Along with a competitive salary and bonus structure, we offer a comprehensive benefit package starting on day 1: health benefits, retirement savings plan, statutory holidays, 3 weeks’ vacation, 7 sick days, tuition reimbursement up to $5K annually (eligible after your first year), and more!
Natus Medical Incorporated is recognized by healthcare providers globally as the source for solutions to screen, diagnose and treat disorders of the brain, neural pathways and sensory nervous system. Our vision is to deliver innovative and trusted solutions to advance the standard of care and improve patient outcomes and quality of life. Natus products are used in hospitals, clinics and laboratories worldwide.
EEO Statement: Natus Medical is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status.
Accessibility: Natus is committed to creating an inclusive environment that accommodates all individuals, including those with disabilities. We support the goals of the Accessibility for Ontarians with Disabilities Act (AODA) and have established policies, procedures and practices which adhere to the accessibility standards set out in the AODA. Should you require any accommodation throughout the recruitment process, please do not hesitate to contact our Human Resources Department.