Principal Product Security Cloud Engineer
Mondo
Job Description
Apply now: Principal Product Security Cloud Engineer, location is Hybrid (Remote/Onsite). The start date is ASAP for this contract position.

Job Title: Principal Product Security Cloud Engineer
Location-Type: Hybrid (Remote/Onsite – US East Coast hours)
Start Date Is: ASAP
Duration: Contract
Compensation Range: $150-170k Bonus
Benefits: Eligible for Health, Dental, Vision, 401K, PTO
Not eligible for Visa sponsorship

Job Description:
This role is responsible for leading cloud and product security initiatives, ensuring secure design, compliance, and risk mitigation across connected medical device ecosystems.

Day-to-Day Responsibilities:
- Develop and maintain product security documentation (threat models, risk assessments, SBOM, etc.)
- Design and implement cloud security controls within Azure environments
- Collaborate with engineering teams to integrate security into DevOps/CI-CD pipelines
- Perform security risk assessments for cloud and application infrastructure
- Define and enforce cryptographic standards (PKI, encryption, key management)
- Support regulatory submissions with security documentation (FDA, etc.)
- Conduct vulnerability management, including SAST, SCA, and penetration testing coordination
- Implement secure device-to-cloud communication (IoT security, Zero Trust, mTLS)
- Monitor post-market vulnerabilities and support remediation efforts

Requirements:

Must-Haves:
- Strong experience with Microsoft Azure and cloud security architecture
- Hands-on experience with threat modeling, risk assessments, and security documentation
- Deep understanding of PKI, encryption, and certificate management
- Experience in medical device or regulated environments
- Knowledge of security tools (e.g., Snyk, Veracode, Wiz)
- Experience working in DevSecOps / Agile environments
- Familiarity with compliance frameworks (NIST, ISO 27001, SOC2, HIPAA, etc.)
- Experience securing IoT or device-to-cloud systems
- Strong communication and cross-functional collaboration skills

Nice-to-Haves:
- Experience with FDA regulatory submissions
- Knowledge of containerization (Docker, Kubernetes)
- Experience with Zero Trust architecture and cloud HSMs