Cybersecurity Engineer, DiGA (Contract)

Click Therapeutics

14d•$125 - $135•Remote

About The Position

We are seeking a highly specialized Cybersecurity Contractor to lead the definition, documentation, and validation of security requirements for our Digital Health Application (DiGA). You will be responsible for ensuring our product meets the stringent criteria set by the DiGAV (Digital Health Applications Ordinance) and the BfArM, enabling us to secure a permanent listing in the DiGA directory. This is a US-based remote consultancy with an initial 6-month term, requiring a focused commitment of approximately 8 hours per week and offering a high probability of extension.

Requirements

DiGA Expertise: Proven experience in a successful DiGA submission process or deep familiarity with the BfArM Guide for Manufacturers.
Regulatory Knowledge: Deep understanding of German and EU regulations, including GDPR, DiGAV, and the Digital Healthcare Modernisation Act (DVPMG).
Technical Security: Strong background in OWASP Top 10 (Mobile/Web), secure API design, and cryptographic standards (AES-256, TLS 1.3).
Certifications: Professional certifications such as CISSP, CISA, or ISO 27001 Lead Implementer are highly preferred.
Fluency in English is required.

Responsibilities

Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.