Principal SDET, Cybersecurity Test Engineer

Job Title:

Principal SDET, Cybersecurity Test Engineer

Location:

Lakewood, CO
Type:
Direct Hire

Job Summary:

System One is seeking a Principal SDET – Cybersecurity Test Engineer for a full-time/permanent opportunity in Lakewood, CO. As a Sr. Technical Leader, this role is responsible for developing and driving the cybersecurity testing strategy across the Software Quality Engineering organization while enabling the broader organization to consistently implement and execute a unified cybersecurity testing approach. A core focus of this role is embedding cybersecurity as a continuous, front‑loaded component of the software development lifecycle to enable early identification and prevention of vulnerabilities and potential security risks, while maintaining compliance with medical device regulatory requirements.

The Principal SDET is responsible for evaluating, documenting, managing, and developing cybersecurity tests for software systems within the R&D organization. This individual ensures comprehensive coverage of cybersecurity requirements that are translated into actionable, testable, and verifiable outcomes across teams, enabling consistent execution of cybersecurity test strategies.

• Define a standardized cybersecurity testing strategy for the Software Quality Engineering organization that aligns with product architecture, regulatory requirements, and business goals.
• Train and mentor engineers on cybersecurity testing practices, build training materials, and run knowledge transfer sessions so teams can execute independently.
• Build cybersecurity test plans that meet medical device regulatory standards.
• Run risk and vulnerability assessments on new and existing products and put security testing protocols in place to protect sensitive data.
• Oversee the design and execution of automated test scripts and frameworks across all levels of the test pyramid and apply design patterns suited to security testing.
• Lead dynamic application security testing (DAST) and advise the group on the feasibility, implementation, and maintenance of cybersecurity test automation.
• Work with architecture teams to set cybersecurity testing standards and shape software architecture and development practices so vulnerabilities surface earlier.
• Partner with development, cybersecurity, quality assurance, peer engineers, and architects to find vulnerabilities and embed security testing into the product lifecycle.
• Coordinate with external partners and consultants on joint security testing.
• Contribute to multiple codebases within Scrum teams, resolve environment and test automation issues, and review and approve code and test changes.
• Lead discussions about which test level is right for a given piece of functionality, and engage at any test level when the work requires it.
• Keep up with new cybersecurity threats, tools, and practices, and revise testing methods when needed.

• Bachelor’s degree in Computer Science, Engineering, or related field, or equivalent education and experience.
• Minimum 8 years experience in an SDET role, with at least 5 years experience in Cybersecurity Testing.
• Strong foundation in computer science fundamentals, including design patterns, data structures, object-oriented programming (OOP), and software design principles.
• Proficient in object-oriented and embedded software development using C#, C++, and Python.
• Deep expertise in cybersecurity principles, frameworks, and secure software development practices, particularly for medical devices.
• Skilled in identifying, assessing, and mitigating security vulnerabilities, including performing structured risk assessments.
• Extensive experience designing and implementing automated test frameworks and scripting solutions.
• Proficient in applying cybersecurity testing across all levels, including unit, integration, and system testing.
• Experience in integrating automated testing and security practices into CI/CD pipelines (Dev Sec Ops ).
• Hands‑on experience with DAST and other security testing tools, methodologies, and techniques.
• Holds relevant cybersecurity and product security certifications (e.g., CISSP, CSSLP, OSCP).
• Familiar with modern development technologies,…