Sr. Product Security Engineer II

About The Position

Requirements

• 7–10 years total professional experience in software engineering, cybersecurity, or related technical fields.
• 3–5 years focused on product or embedded system security, ideally within regulated or safety-critical industries (medical device, aerospace, automotive, or defense).
• Demonstrated experience with designing or assessing security architectures for embedded or connected systems.
• Implementing secure development lifecycle (SDL) practices within engineering teams.
• Leading or participating in vulnerability management and coordinated disclosure processes.
• Generating pre-market cybersecurity documentation or equivalent regulatory submissions (e.g., FDA, ISO 14971, IEC 81001-5-1).
• Collaborating cross-functionally (engineering, QA, regulatory, IT) to implement and sustain security programs.

Nice To Haves

• Prior experience as a product security lead or security point of contact for a commercial medical or industrial product.
• Experience integrating security testing automation into CI/CD environments.
• Experience supporting external audits, penetration tests, or third-party security assessments.

Responsibilities

• Define security requirements and risk mitigations for new products and features.
• Translate regulatory and industry security standards (e.g., FDA, ISO 27001, NIST, OWASP) into actionable product requirements.
• Develop and maintain security architecture diagrams and models for software and integrated systems.
• Embed secure development practices (threat modeling, secure coding, code review standards) into the software development lifecycle.
• Define and support secure CI/CD practices, including secrets management, dependency management, and supply-chain security.
• Partner with DevOps/IT to secure cloud infrastructure, build pipelines, and deployment environments.
• Assist the testing team with security testing efforts for new and on-market products, including penetration testing, fuzzing, and static/dynamic code analysis.
• Update and maintain vulnerability management processes, including SBOM creation and maintenance.
• Collaborate with QA to integrate automated security testing into regression and release pipelines.
• Generate and maintain pre-market security documentation to support regulatory submissions (e.g., security risk assessments, security architecture views, threat models, FDA cybersecurity guidance compliance).
• Maintain records of vulnerability assessments, mitigations, and patch processes.
• Support audit and inspection readiness with thorough, traceable documentation.
• Manage product vulnerability assessment and mitigation activities, both pre-market and post-market.
• Coordinate cross-functional response to newly discovered vulnerabilities, including communication, remediation, and regulatory reporting.
• Track and monitor vulnerability disclosures from third-party libraries and components.
• Act as the security subject matter expert across product teams.
• Provide training and mentoring to engineers on secure design and coding practices.
• Partner with compliance, regulatory, and quality teams to align product security strategy with organizational goals.

Benefits

• 401k
• health_insurance
• dental_insurance
• vision_insurance
• paid_holidays
• tuition_reimbursement
• flexible_scheduling
• professional_development