Project specification
Period: 22.06.2026 - 21.06.2027
Location: Germany
Remote: up to 100%
Languages: English (Advanced), German (Advanced)
Project expertise
Industries: Healthcare
Areas: Information Technology
Description
A medical technology company is looking for an experienced Cyber Security Consultant to act as an independent advisor at the interface of software architecture, DevOps and regulatory affairs. The project aims to develop and secure innovative digital health products (Software as a Medical Device / Connected Devices). The position involves purely technical consulting, technical assessments and the delivery of validated security artefacts, without operational management decisions. The focus is on translating regulatory requirements (FDA, MDR, EU CRA, NIS2) into technical solutions and objectively assessing security risks.
- Holistic Threat Modeling: Conduct STRIDE-based analyses for APIs, cloud-native services, AI components and CI/CD pipelines, and maintain formal threat model reports.
- Security Architecture & Design: Create technical data flow diagrams (DFD) and security architecture review reports to document security decisions in cloud and container environments.
- DevSecOps & Supply Chain Security: Advise on hardening CI/CD pipelines, implementing "security-by-default" and managing SBOM artefacts (third-party risk).
- Penetration Testing Support: Define the scope for pen tests and fuzzing, and technically validate the results and CVSS scores.
- Vulnerability Management: Assess vulnerabilities (vulnerability impact assessments) and develop remediation plans.
- Audit Preparation: Compile technical evidence and documentation for regulatory submissions (FDA, MDR, MDS2).
Requirements
- Degree in Computer Science, Cyber Security or Engineering.
- 5–8+ years of project experience in product security, application security or security architecture.
- Excellent knowledge of threat modeling (STRIDE, PASTA), risk assessments (CVSS) and secure SDLC.
- Deep expertise in cloud security (Azure/AWS), containerization (Kubernetes/Docker), API security and CI/CD toolchains.
- Experience with AI/ML security is a plus.
- Proven experience with medical technology standards (FDA Cybersecurity Guidelines, EU MDR, ISO 14971, IEC 62304) or comparable critical standards (ISO 21434, IEC 62443).
- Ability to drive technical topics independently as an advisor, with a structured, "audit-ready" documentation style.
- Fluent English (C1/C2) is mandatory (project and documentation language).
- Fluent German (B2/C1) is desirable.
- Relevant certifications such as CISSP, CCSP, CSSLP, CISM or OSCP are highly desired.
Frequently asked questions
The project is based in Germany.
The project preferably starts in June 2026 and is planned to end in June 2027 (12 months).
The project offers 0 - 100% remote work.
The project requires English (Advanced) as essential language. Additionally, German (Advanced) is desirable.
The project is related to the following industry: Healthcare.
The project covers the following business area: Information Technology.
Yes! Recommend a freelancer for the project and earn 30% of FRATCH's profits every time they get placed — for the duration of that project. Simply share your invite link with a colleague to get started.
To apply for the project, click the Apply button on the project page to submit your profile for review. We will forward your resume to the client and get back to you within a few days.