Cybersecurity Engineer, DiGA – Contract
Job Description:
• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
• Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
• Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
• Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.

Requirements:
• DiGA Expertise: Proven experience in a successful DiGA submission process or deep familiarity with the BfArM Guide for Manufacturers.
• Regulatory Knowledge: Deep understanding of German and EU regulations, including GDPR, DiGAV, and the Digital Healthcare Modernisation Act (DVPMG).
• Technical Security: Strong background in OWASP Top 10 (Mobile/Web), secure API design, and cryptographic standards (AES-256, TLS 1.3).
• Certifications: Professional certifications such as CISSP, CISA, or ISO 27001 Lead Implementer are highly preferred.
• Fluency in English is required.

Benefits:
• Your choice of Mac or Linux equipment.