Principal Product Security Engineer (Cybersecurity)

TL;DR

Principal Product Security Engineer (Cybersecurity): Driving product security operations including threat modeling, risk assessments, vulnerability management, and secure development lifecycle oversight with an accent on aligning controls to mitigate risks in products. Focus on developing security strategies, automating processes, monitoring industry threats, and supporting incident response to protect customers and enable secure releases.

Bedford, Massachusetts

$120,900 - $151,100

Company

hirify.global is a global leader in industrial software, focused on advancing asset optimization and operational excellence.

What you will do

• Support design, implementation, and oversight of Product Secure Development Lifecycle including security requirements, threat models, risk assessments, scanning, and validation.
• Drive product security efforts to resolve challenges, enable automation, and improve organizational security culture.
• Administer security practices to product teams, technology groups, and security champions.
• Monitor best practices, standards, regulations, threats, and risks for product security improvements.
• Evaluate vulnerabilities from bulletins, formulate mitigation plans, and participate in ASERT for incident analysis and response.
• Continuously improve product security policies, procedures, tools, guidelines, and awareness.

Requirements

• Bachelor’s degree in computer science or equivalent technical discipline.
• 5+ years in information security or with security/development teams.
• Experience with application/product security, risk assessment, threat models, secure architecture/design, security scanning.
• Ability to plan, design, develop, deploy, and maintain application security best practices.
• Knowledge of security regulatory requirements, frameworks like ISO27002, NIST.
• Experience with cloud solutions such as Azure and AWS.
• Strong ability to work independently and collaboratively across organizational levels.

Nice to have

• Exposure to automation and AI.
• Knowledge of IEC 62443, NIST 800-53, ISO 27001/27002, CSA, CISA, SANS, OWASP, CWE, ethical hacking, AI security.
• Certifications: CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, AWS/Azure security.
• Experience with SAST, DAST, SCA, web/cloud security, pen testing, fuzz testing, CVSS, STRIDE, DREAD.
• Application development technologies, Agile, RUP, CICD, DevSecOps.

Culture & Benefits

• Comprehensive benefits including paid time off, charitable giveback day, medical/dental/vision insurance, retirement benefits.
• Rich career development programs, community service support, social events for relationship building.
• Opportunity for bonus or variable incentive pay.
• Global community fostering passion, pride, and aspiration.
• Occasional after-hours/weekend work for critical tasks.