Job Title: Cybersecurity Specialist
Job Location: Lafayette, Colorado (Fully Onsite)
Type: W2 contract
Duration: 6 months
We are looking for a Cybersecurity Specialist with an engineering mindset to support secure product development for medical devices. The role focuses on secure design, threat analysis, and security documentation rather than traditional IT/network security.
Key Responsibilities:
• Develop threat models and assess security risks with mitigation strategies
• Create and maintain SBOMs (Software Bill of Materials)
• Analyze CVEs, CWEs, and CVSS scores for product impact
• Support product teams in building secure-by-design solutions
• Review penetration testing results and vulnerability reports
• Document risk assessments and communicate findings to stakeholders.
Must-Have Skills:
• Strong experience in Threat Modeling
• Knowledge of SBOMs (CycloneDX preferred)
• Understanding of CVSS, CVE, and CWE frameworks
• Familiarity with OWASP Top 10 and security best practices
• Experience with tools like Microsoft Threat Modeling Tool, Dependency-Track, NVD
• Good communication skills (ability to explain security concepts to non-technical teams).
Basic Qualifications:
• Bachelor’s degree in Cybersecurity / Computer Science / Engineering
• 2+ years of cybersecurity experience
• Basic understanding of networking concepts.
Nice to Have:
• Knowledge of medical device security standards (IEC 62304, IEC 81001-5-1)
• Familiarity with FDA pre/post-market security guidelines.
