Cybersecurity Engineer

Who We Are:

Click Therapeutics, Inc., develops, validates, and commercializes software as prescription medical treatments for people with unmet medical needs. As a leading innovator of Digital Therapeutics™, Click delivers accessible, clinically proven, FDA-regulated prescription treatments to the smartphone in your hand. Click’s treatments are defined by a commitment to applying technical and scientific rigor and patient-centric design to the development process. This results in uniquely engaging experiences that achieve compelling clinical outcomes for patients seeking new treatment options. Click Therapeutics continuously expands and refines its platform with novel cognitive, behavioral and neuromodulatory mechanisms of action and advanced data-driven tools such as artificial intelligence and machine learning. The digital therapeutics under development on Click’s platform address diverse areas of therapeutic need, including indications in psychiatry, neurology, oncology, immunology, and cardiometabolic diseases. Consistently named a best place to work, Click fosters an inclusive, diverse workforce of innovators, clinicians, scientists, researchers, designers, technologists, engineers and more, united in a common mission to provide patients everywhere access to safe and effective prescription digital therapeutics. For more information, visit www.clicktherapeutics.com and connect with us on LinkedIn.

​

About the Role:

We are seeking a highly specialized Cybersecurity Contractor to lead the definition, documentation, and validation of security requirements for our Digital Health Application (DiGA). You will be responsible for ensuring our product meets the stringent criteria set by the DiGAV (Digital Health Applications Ordinance) and the BfArM, enabling us to secure a permanent listing in the DiGA directory. This is a US-based remote consultancy with an initial 6-month term, requiring a focused commitment of approximately 8 hours per week and offering a high probability of extension.

​

Responsibilities:

• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
• Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
• Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
• Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.

​

Qualifications:

• DiGA Expertise: Proven experience in a successful DiGA submission process or deep familiarity with the BfArM Guide for Manufacturers.
• Regulatory Knowledge: Deep understanding of German and EU regulations, including GDPR, DiGAV, and the Digital Healthcare Modernisation Act (DVPMG).
• Technical Security: Strong background in OWASP Top 10 (Mobile/Web), secure API design, and cryptographic standards (AES-256, TLS 1.3).
• Certifications: Professional certifications such as CISSP, CISA, or ISO 27001 Lead Implementer are highly preferred.
• Fluency in English is required.

​

Compensation:

$125–$135 per hour, commensurate with experience, technical proficiency, and geographic location.

​

Benefits:

Your choice of mac or linux equipment.

​

Location:

Remote, US

​

How to Apply

Note: This is a syndicated job post. Fractional Jobs found it on the web, but we are not working with the client directly, so we don't have control over or knowledge of the application process. To apply, click on the "View Application" button and follow the application's instructions. Let us know how it goes!