Project specification
Period: 27.04.2026 - 26.04.2027
Location: Germany
Remote: up to 100%
Languages: English (Advanced), German (Advanced)
Project expertise
Industries: Healthcare
Business areas: Information Technology
Description
A medical device company is looking for an experienced Cyber Security Consultant to act as an independent advisor at the interface between software architecture, DevOps, and regulatory affairs. The project's goal is to develop and secure innovative digital health products (Software as a Medical Device / Connected Devices). The role involves purely technical consultancy, technical assessments, and delivery of validated security artifacts, without operational management decisions. The focus is on translating regulatory requirements (FDA, MDR, EU CRA, NIS2) into technical solutions and objectively assessing security risks.
- Holistic threat modeling: Performing STRIDE-based analyses for APIs, cloud-native services, AI components, and CI/CD pipelines, and maintaining formal threat model reports.
- Security architecture & design: Creating technical data flow diagrams (DFD) and Security Architecture Review Reports to document security decisions in cloud and container environments.
- DevSecOps & supply chain security: Advising on hardening CI/CD pipelines, implementing "security by default," and managing SBOM artifacts (third-party risk).
- Penetration testing support: Defining scopes for pen tests and fuzzing, as well as technically validating results and CVSS scores.
- Vulnerability management: Assessing vulnerabilities (vulnerability impact assessments) and creating remediation plans.
- Audit preparation: Compiling technical evidence and documentation for regulatory submissions (FDA, MDR, MDS2).
Requirements
- Degree in computer science, cyber security, or engineering.
- 5–8+ years of project experience in product security, application security, or security architecture.
- Excellent knowledge of threat modeling (STRIDE, PASTA), risk assessments (CVSS), and secure SDLC.
- Deep expertise in cloud security (Azure/AWS), containerization (Kubernetes/Docker), API security, and CI/CD toolchains.
- Experience with AI/ML security is a plus.
- Proven experience with medical device standards (FDA Cybersecurity Guidelines, EU MDR, ISO 14971, IEC 62304) or comparable critical standards (ISO 21434, IEC 62443).
- Ability to drive technical topics independently as an advisor, with structured, "audit-ready" documentation.
- Fluent English (C1/C2) is mandatory (project and documentation language).
- Fluent German (B2/C1) is desirable.
- Relevant certifications such as CISSP, CCSP, CSSLP, CISM, or OSCP are highly preferred.
Frequently asked questions
Where is the project located?
The project is based in Germany.
What is the duration of the project?
The project preferably starts in April 2026 and is planned to end in April 2027 (12 months).
What is the remote work policy for the project?
The project offers 0 - 100% remote work.
What language skills are required for the project?
The project requires English (Advanced) as the essential language. Additionally, German (Advanced) is desirable.
Which industries is the project related to?
The project is related to the following industry: Healthcare.
Which business areas does the project cover?
The project covers the following business area: Information Technology.
Not available? Can I still benefit from the project?
Yes! Recommend a freelancer for the project and earn 30% of FRATCH's profits every time they get placed — for the duration of that project. Simply share your invite link with a colleague to get started.
How to apply for the project?
To apply for the project, click the Apply button on the project page to submit your profile for review. We will forward your resume to the client and get back to you within a few days.