Sr. Product Security Engineer

About The Position

Requirements

• Embedded Systems Experience: Demonstrated expertise in securing embedded controls platforms, with hands-on knowledge of Embedded Linux (e.g., Yocto) and RTOS environments (e.g., FreeRTOS, Zephyr Project, MicroC/OS-II).
• Connectivity Protocols: Preferred background in industrial communication protocols-CAN J1939, MQTT, OPC-UA, secure IP-based protocols, and Automotive Ethernet (100Base-T1, 10Base-T1S).
• Security Analysis: Strong grasp of static analysis (SAST) and software composition analysis techniques for vulnerability detection and remediation.
• DevOps & Automation: Familiarity with modern DevOps pipelines and tools (e.g., GitHub Actions, Azure DevOps, GitLab CI), with practical knowledge of automated testing frameworks (e.g., CppUTest).
• Communication & Collaboration: Effective communicator with strong organizational skills, adept at working with cross-functional teams and presenting technical risks to varied audiences.
• Continuous Improvement: Commitment to ongoing learning and driving continuous maturity in product security processes and technical strategies.
• Bachelor's or Master's degree in computer engineering, computer science, electrical engineering or related technical field with 5+ years of experience.

Nice To Haves

• Preferred that the candidate have experience as an embedded product security engineer.
• Experience with embedded software development and proficiency in relevant programming languages (e.g., C, C++, C#, Rust, Python).

Responsibilities

• Risk Management: Assess product security risks, develop comprehensive mitigation strategies, and evaluate technical and business trade-offs.
• Lead Security Activities: Apply the Secure Development Lifecycle and lead product security processes including architectural analysis, threat modeling, security DFMEA, penetration testing, attack modeling and simulation, and data privacy impact assessments.
• Vulnerability Management: Identify, evaluate, and verify security issues discovered through automated testing, penetration testing, and customer feedback. Maintain and track closure of vulnerability backlogs.
• Compliance & Standards: Interpret and enforce product security requirements, conduct vulnerability reviews, and ensure compliance with industry regulations and standards (IEC 62443, ISO 21434, NIST, etc.).
• Security Tools Oversight: Monitor outputs and effectiveness from all security tools integrated within the software development lifecycle.
• Technical Guidance: Advise, guide, and mentor cross-disciplinary engineering teams during the design, review, and implementation of security features.
• Assurance: Validate that software meets all functional, security, regulatory (cybersecurity compliance), and quality benchmarks-particularly within industrial and transportation environments.

Benefits

• Benefits kick in on DAY ONE for you and your family, including health insurance and holistic wellness programs that include generous incentives - WE DARE TO CARE!
• Family building benefits include fertility coverage and adoption/surrogacy assistance.
• 401K match up to 6%, plus an additional 2% core contribution = up to 8% company contribution.
• Paid time off, including in support of volunteer and parental leave needs.
• Educational and training opportunities through company programs along with tuition assistance and student debt support.