Cybersecurity Engineer, DiGA – Contract
Job Description:
• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
• Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
• Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
• Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.
Requirements:
• DiGA Expertise: Proven experience in a successful DiGA submission process or deep familiarity with the BfArM Guide for Manufacturers.
• Regulatory Knowledge: Deep understanding of German and EU regulations, including GDPR, DiGAV, and the Digital Healthcare Modernisation Act (DVPMG).
• Technical Security: Strong background in OWASP Top 10 (Mobile/Web), secure API design, and cryptographic standards (AES-256, TLS 1.3).
• Certifications: Professional certifications such as CISSP, CISA, or ISO 27001 Lead Implementer are highly preferred.
• Fluency in English is required.
Benefits:
• Your choice of mac or linux equipment.
Apply Now
Apply Now
• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
• Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
• Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
• Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.
Requirements:
• DiGA Expertise: Proven experience in a successful DiGA submission process or deep familiarity with the BfArM Guide for Manufacturers.
• Regulatory Knowledge: Deep understanding of German and EU regulations, including GDPR, DiGAV, and the Digital Healthcare Modernisation Act (DVPMG).
• Technical Security: Strong background in OWASP Top 10 (Mobile/Web), secure API design, and cryptographic standards (AES-256, TLS 1.3).
• Certifications: Professional certifications such as CISSP, CISA, or ISO 27001 Lead Implementer are highly preferred.
• Fluency in English is required.
Benefits:
• Your choice of mac or linux equipment.
Apply Now
Apply Now