Senior Product Cybersecurity Engineer

Role Summary

Lead product security across the full lifecycle, ensuring compliance with regulatory standards (FDA, ISO, NIST) and industry best practices. Drive secure architecture, development, testing, and post-market security for connected and embedded products.

Key Responsibilities

• Define and implement security architecture, requirements, and risk mitigations for products.
• Integrate Secure Development Lifecycle (SDL) practices (threat modeling, secure coding, code reviews, CI/CD security).
• Partner with DevOps to secure cloud, infrastructure, and deployment pipelines.
• Lead security testing (SAST, DAST, penetration testing, fuzzing) and automate security in release pipelines.
• Manage vulnerability lifecycle including SBOM, disclosures, remediation, and incident response.
• Develop and maintain regulatory and audit-ready documentation (FDA, ISO, NIST compliance).
• Act as security SME, mentoring teams and aligning with engineering, QA, and regulatory stakeholders.

Required Experience

• 7–10 years in software engineering/cybersecurity, with 3–5 years in product or embedded security.
• Strong experience in:
  • Security architecture for connected/embedded systems
  • SDL implementation and CI/CD security
  • Vulnerability management and coordinated disclosure
  • Regulatory compliance (FDA, ISO 27001, NIST, IEC standards)

Technical Skills

• Secure design principles (Zero Trust, least privilege, defense-in-depth)
• Security testing tools (SAST, DAST, SCA, fuzzing)
• Cryptography, authentication, and identity management
• Cloud & DevOps security (AWS, containers, secrets management)
• SBOM and supply chain security

Preferred

• Master’s degree in Cybersecurity, Software Engineering, or Systems Engineering (ideal for regulated product security leadership).