Company hidden
17 hours ago

Principal Product Security Engineer (Cloud)

120 900 - 151 100$
Work format
onsite
Job type
fulltime
Grade
senior
English
b2
Country
US
Job description

TL;DR

Principal Product Security Engineer (Cloud/AppSec): Designing and overseeing the Product Secure Development Lifecycle with an emphasis on risk mitigation, threat modeling, and vulnerability management. Focus on implementing SAST/DAST/SCA tools, securing cloud architectures in Azure/AWS, and leading the Security Emergency Response Team (ASERT).

Location: Bedford, Massachusetts

Salary: $120,900 - $151,100

Company

hirify.global is a global leader in industrial software, focusing on pushing the envelope of technology to find better ways to protect clients and deliver secure development.

What you will do

  • Support the design, implementation, and oversight of the Product Secure Development Lifecycle (SDLC).
  • Develop threat models, conduct risk assessments, and oversee vulnerability tracking and mitigation.
  • Administer security practices across product teams and manage the security champion program.
  • Monitor industry threats and regulations to enhance the company's security profile.
  • Serve as a key member of the Security Emergency Response Team (ASERT) for customer-reported incidents.
  • Collaborate with development teams and senior leaders to drive security culture and automation.

Requirements

  • Location: Must be based in Bedford, Massachusetts
  • Bachelor’s degree in computer science or a technical equivalent.
  • 8+ years of experience in IT, with at least 5 years in an information security role.
  • Knowledge of ISO27002, NIST, and other information security frameworks.
  • Experience with SAST, DAST, SCA, and cloud security configuration (Azure, AWS).
  • Proficiency in AppSec best practices including STRIDE, DREAD, CVSS, and pen testing.

Nice to have

  • Certifications such as CISSP, CISA, CCSP, CSSLP, CEH, or SANS GIAC.
  • Exposure to IEC 62443, NIST 800-53, or AI Security best practices.
  • Knowledge of OWASP, CWE 25, and ethical hacking.
  • Cloud security certifications from AWS or Azure.

Culture & Benefits

  • Comprehensive medical, dental, and vision insurance.
  • Retirement benefits and paid time off.
  • Charitable giveback day to support community service.
  • Rich set of career development programs and social events.
  • Opportunity to work within a global community of passionate professionals.
