Back to jobs
New

Cybersecurity Engineer, DiGA (Contract)

Remote, US

Who We Are:

Click Therapeutics, Inc., develops, validates, and commercializes software as prescription medical treatments for people with unmet medical needs. As a leading innovator of Digital Therapeutics™, Click delivers accessible, clinically proven, FDA-regulated prescription treatments to the smartphone in your hand. Click’s treatments are defined by a commitment to applying technical and scientific rigor and patient-centric design to the development process. This results in uniquely engaging experiences that achieve compelling clinical outcomes for patients seeking new treatment options. Click Therapeutics continuously expands and refines its platform with novel cognitive, behavioral and neuromodulatory mechanisms of action and advanced data-driven tools such as artificial intelligence and machine learning. The digital therapeutics under development on Click’s platform address diverse areas of therapeutic need, including indications in psychiatry, neurology, oncology, immunology, and cardiometabolic diseases. Consistently named a best place to work, Click fosters an inclusive, diverse workforce of innovators, clinicians, scientists, researchers, designers, technologists, engineers and more, united in a common mission to provide patients everywhere access to safe and effective prescription digital therapeutics. For more information, visit www.clicktherapeutics.com and connect with us on LinkedIn. 

About the Role:

We are seeking a highly specialized Cybersecurity Contractor to lead the definition, documentation, and validation of security requirements for our Digital Health Application (DiGA). You will be responsible for ensuring our product meets the stringent criteria set by the DiGAV (Digital Health Applications Ordinance) and the BfArM, enabling us to secure a permanent listing in the DiGA directory. This is a US-based remote consultancy with an initial 6-month term, requiring a focused commitment of approximately 8 hours per week and offering a high probability of extension.

Responsibilities:

  • Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
  • Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
  • Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
  • Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.

Qualifications:

  • DiGA Expertise: Proven experience in a successful DiGA submission process or deep familiarity with the BfArM Guide for Manufacturers.
  • Regulatory Knowledge: Deep understanding of German and EU regulations, including GDPR, DiGAV, and the Digital Healthcare Modernisation Act (DVPMG).
  • Technical Security: Strong background in OWASP Top 10 (Mobile/Web), secure API design, and cryptographic standards (AES-256, TLS 1.3).
  • Certifications: Professional certifications such as CISSP, CISA, or ISO 27001 Lead Implementer are highly preferred.
  • Fluency in English is required.

Compensation:

$125–$135 per hour, commensurate with experience, technical proficiency, and geographic location.

Benefits:

Your choice of mac or linux equipment.

Equal Employment Opportunity:

Click Therapeutics is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Click Therapeutics also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must have authorization to work for Click Therapeutics in the U.S. In certain circumstances it may be advantageous to Click Therapeutics to support the application(s) for temporary visa classification and/or sponsor applications for permanent residence so that a foreign national colleague can accept or remain in a work assignment in the U. S. For certain classes of temporary visas, the resulting work authorization may be specific to Click Therapeutics and the specific job and/or work site. Click Therapeutics may at its business discretion decide to or refrain from obtaining, maintaining and/or extending the temporary visa status and/or sponsoring a colleague for permanent residency and /or employment eligibility, considering factors such as availability of qualified U.S. workers and the colleague's long-term prospects for securing lawful permanent residence, among other reasons. Employment applicants requiring immigration sponsorship must disclose, when initial application for employment is made, whether or not they are legally authorized to work for Click Therapeutics in the U.S. and, if so, whether that authorization permits them to work in the job they seek. In no case should Click Therapeutics support of a colleague's temporary visa application or sponsorship of a colleague for permanent residence be construed to guarantee success of that application or amend or otherwise invalidate the "at-will" employment relationship between the colleague and Click Therapeutics.

Recruitment Phishing Scams:

Fake job advertisements and offers are increasingly appearing on the internet. If you have encountered a job posting or have been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond and report it to the Federal Trade Commission and the FBI at https://www.ic3.gov/Home/ComplaintChoice.

Please be mindful of the following:

  • Click Therapeutics will only reach out to you through an “@clicktherapeutics.com” email address.
  • Other than your email address or telephone number, which you may provide via a job application portal, Click Therapeutics will never ask you to provide personally identifiable information about yourself (such as a Social Security Number or Driver’s License Number) via a messaging application (like that used on the LinkedIn platform or Microsoft Teams).
  • Click Therapeutics will conduct interviews face-to-face over Zoom.
  • All job postings will be listed on the Click Therapeutics official career page.

Create a Job Alert

Interested in building your career at Click Therapeutics? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Click Therapeutics’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.