Product and Application Security Engineer

Sungrow USA Corporation
Remote

About The Position

Sungrow Americas is seeking a Product and Application Security Engineer to execute security across the full product ecosystem, spanning firmware, embedded systems, hardware-integrated applications, cloud services, and connected platforms. This role is responsible for deep technical security execution across the entire product lifecycle, ensuring that security is embedded from device to cloud to application layer. You will serve as the hands-on technical authority, working directly with engineering teams to identify, validate, and remediate vulnerabilities across software, firmware, hardware interfaces, and system integrations. This is a high-depth, cross-domain role, ideal for an engineer who can move fluidly between code, devices, protocols, and cloud architectures.

Requirements

  • 6–10+ years of experience in product security, embedded security, application security, or IoT security
  • Hands-on experience across multiple layers of the stack, including: application security (OWASP, API security); firmware or embedded systems; network protocols and device communications
  • Strong ability to perform: manual code review; firmware analysis (static/dynamic); system-level threat analysis
  • Experience with security tooling across SAST, DAST, SCA, firmware analysis, and network testing
  • Working knowledge of modern architectures (cloud, microservices, device-cloud integration)
  • Ability to leverage Ai..

Nice To Haves

  • Experience with industrial systems, energy, or OT environments
  • Familiarity with hardware security concepts (secure boot, TPM, hardware roots of trust)
  • Experience with reverse engineering or low-level debugging
  • Exposure to SBOM/HBOM frameworks and supply chain security models (SLSA, etc.)
  • Certifications such as OSCP, OSCE, OSWE, GXPN, or similar

Responsibilities

  • Perform security assessments across: applications (web, APIs, backend services); firmware and embedded systems; hardware interfaces and device communications; cloud-connected platforms and IoT ecosystems
  • Conduct code review, firmware analysis, and system-level security testing
  • Identify and validate vulnerabilities across the entire product attack surface
  • Embed security into SDLC across software, firmware, and device-integrated systems
  • Define and implement secure design patterns across: application layers; device firmware; communication protocols
  • Partner with engineering to ensure secure-by-design architecture decisions
  • Perform and support penetration testing, firmware analysis, and device-level assessments
  • Validate findings from internal testing, third-party assessments, and teardowns
  • Simulate real-world attack paths across device → network → cloud → application
  • Triage and validate vulnerabilities across software, firmware, and hardware layers
  • Provide clear, actionable remediation guidance tailored to engineering teams
  • Track and drive remediation aligned to risk and customer impact
  • Support SBOM/HBOM analysis and validation
  • Identify risks in third-party libraries, firmware components, and hardware dependencies
  • Assist in mitigation strategies across supplier-integrated components
  • Evaluate security risks in: IoT architectures and edge devices; cloud-native and distributed systems; agentic / autonomous system behaviors (where applicable)
  • Help define guardrails for secure adoption of new technologies
  • Act as a trusted technical partner to software, firmware, and hardware teams
  • Translate security findings into practical engineering fixes
  • Provide real-time guidance during development, not just post-testing
  • Contribute to a culture of security ownership within engineering
  • Experience leveraging AI/ML-assisted tools to improve security engineering outcomes, including: code analysis and vulnerability detection; secure code generation and review validation; automation of repetitive security testing and triage tasks
  • Ability to integrate AI capabilities into engineering workflows, including: API-based integrations with development and security tooling; automation of security processes within CI/CD pipelines
  • Working understanding of security risks associated with AI-enabled systems, including: prompt injection and model misuse; data exposure and model leakage risks; secure handling of sensitive data in AI workflows
  • Practical ability to build lightweight automation and tooling (scripts, integrations, or pipelines) to scale security operations