Principal SDET, Cybersecurity Test Engineer

Lead the cybersecurity testing strategy across the Software Quality Engineering organization and integrate security early in the software development lifecycle for medical device software.

Responsibilities

• Define a standardized cybersecurity testing strategy for the Software Quality Engineering organization that aligns with product architecture, regulatory requirements, and business goals.
• Educate engineers on cybersecurity testing, develop training materials, and lead knowledge transfer sessions to enable independent execution.
• Build cybersecurity test plans that satisfy medical device regulatory standards.
• Perform risk and vulnerability assessments on new and existing products and implement security testing protocols to safeguard sensitive data.
• Oversee the design and execution of automated test scripts and frameworks across the test pyramid, applying security-focused design patterns.
• Oversee dynamic application security testing (DAST) and guide the group on feasibility, implementation, and maintenance of cybersecurity test automation.
• Collaborate with architecture teams to establish cybersecurity testing standards and influence software design to surface vulnerabilities earlier.
• Partner with development, cybersecurity, QA, peers, and architects to identify vulnerabilities and embed security testing into the product lifecycle.
• Coordinate with external partners and consultants on joint security testing initiatives.
• Contribute to multiple codebases within Scrum teams, resolve environment and test automation issues, and review and approve code and test changes.
• Lead discussions on appropriate test levels for specific functionality, and participate across levels as needed.
• Stay current with new cybersecurity threats, tools, and practices, updating testing methods accordingly.

Requirements

• Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent education and experience.
• Minimum 8 years of experience in an SDET role, with at least 5 years focused on cybersecurity testing.
• Strong computer science fundamentals, including design patterns, data structures, OOP, and software design principles.
• Proficient in object-oriented and embedded software development using C#, C++, and Python.
• Deep expertise in cybersecurity principles, frameworks, and secure software development practices, especially for medical devices.
• Skilled at identifying, assessing, and mitigating security vulnerabilities, including conducting structured risk assessments.
• Extensive experience designing and implementing automated test frameworks and scripting solutions.
• Proficient in applying cybersecurity testing across unit, integration, and system levels.
• Experience integrating automated testing and security practices into CI/CD pipelines (DevSecOps).
• Hands-on experience with DAST and other security testing tools, methodologies, and techniques.
• Relevant cybersecurity and product security certifications (eg, CISSP, CSSLP, OSCP).
• Familiar with modern development technologies including Docker, REST APIs, JSON, and cloud platforms (Azure).
• Skilled in source code management and collaborative workflows (Git-based environments).
• Proven ability to drive organizational change, align stakeholders, and lead adoption of engineering and security best practices.
• Strong technical leadership and cross-functional communication skills capable of influencing architecture, development, and quality strategies.
• Self-driven, adaptable, and committed to continuous learning, innovation, and process improvement.

Compensation

Salary: USD 144,000 - 180,000 per year • Location: Denver, CO onsite

Technologies

• C#
• C++
• Python
• Docker
• REST APIs
• JSON
• Azure
• Git
• DAST

Benefits

• Health and welfare benefits coverage (medical, dental, vision, spending accounts, life insurance, voluntary plans) and 401(k) plan.