Embed security best practices, such as encryption and authentication, directly into new products as part of the architecture and design process.
Identify vulnerabilities and security gaps during the design phase to present exploitation.
Define and enforce secure device architecture, including secure boot, hardware root of trust, device identity, and certificate-based authentication.
Own firmware security, including signing, update mechanisms, rollback protection, and vulnerability remediation.
Design and govern end-to-end encryption strategies spanning device, edge, and cloud.
Establish security requirements for low-cost hardware, balancing risk, cost, and operational constraints.
Conduct threat modeling for embedded systems, IoT protocols, and physical attack surfaces.
Partner with hardware, firmware, and manufacturing vendors to ensure supply-chain security controls.
Own product security incident response, including vulnerability triage, remediation coordination, customer communication, and post-incident reviews.
Manage coordinated vulnerability disclosure and CVE processes where applicable.
Lead Product Lifecycle Management security initiatives from concept throughout development, release, and maintenance.
Conduct product security testing and oversee penetration testing, vulnerability scans, and code reviews.
Define the product security strategic roadmap, goals, priorities, features and align product security with business objectives.

Requirements

Successfully pass background check for cybersecurity site access.
7-15 years of hands-on cyber security experience within the software development lifecycle, including implementation of security controls, vulnerability management, or cloud security
Hands on experience with programming languages like Python, Java, C++, or Go.
Mastery of security tools like Burp Suite, Checkmarx, or SonarQube.
Security Frameworks – solid understanding of OWASP Top 10, NIST and SOC2 compliance
Specific familiarity with the NIST SSDF (SP 800-218) standard and experience developing products to meet requirements in this standard
Experience with Azure
7+ years of experience with scripting automation for security tasks using Python
Practical experience with at least one major SIEM – Splunk
Strong analytical and problem-solving skills
Ability to clearly communicate technical risks and recommendations to both technical and non-technical stakeholders.
Detail oriented with good documentation habits.
Bachelor’s degree in computer science or cyber security or related field

Benefits

Medical, Vision, Dental Insurance
Health Savings Account with Employer contributions
401(k) with Employer match
Short-term & Long-term Disability Coverage
Accidental Death & Dismemberment Coverage
Life Insurance Coverage
80 hours of Paid-Time-Off annually
Eight paid holidays per year

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cyber securityvulnerability managementcloud securityprogramming languagesscripting automationsecurity controlsproduct security testingpenetration testingencryption strategiesthreat modeling

Soft Skills

analytical skillsproblem-solving skillscommunication skillsdetail orienteddocumentation habits