Company hidden
21 hours ago

Senior Product Security Engineer (Cybersecurity)

116 500 - 141 400$
Work format: onsite
Employment type: fulltime
Grade: senior
English: b2
Country: US
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Senior Product Security Engineer (Cybersecurity): Own the security posture of product ecosystems by designing automated security workflows, managing compliance audits, and leading vulnerability lifecycle management, with an emphasis on DevSecOps integration and compliance frameworks like SOC 2 and ISO 27001. Focus on building automated governance structures, integrating security tools into CI/CD pipelines, and driving secure SDLC practices to enable secure product shipping by default.

Location: Westford, MA, United States

Salary: $116,500–$141,400

Company

hirify.global provides staffing and workforce solutions with a commitment to diversity, equity, and inclusion, offering benefits for temporary assignments lasting 13 weeks or longer.

What you will do

  • Design and implement automated security workflows within CI/CD pipelines integrating SCA, SAST, and DAST tools.
  • Lead detection, triage, and remediation coordination for product vulnerabilities with real-time security posture dashboards.
  • Define and enforce standards for Software Bill of Materials (SBOM) and third-party dependency security.
  • Own evidence collection and control validation for SOC 2 and ISO 27001 audits ensuring audit readiness.
  • Drive secure SDLC practices including threat modeling and security policy development aligned with NIST/OWASP.
  • Act as subject matter expert for customer security inquiries and compliance governance.

Requirements

  • Location: Westford, MA, United States
  • 5–7 years of professional experience in cybersecurity, product security, or DevSecOps.
  • Hands-on experience with automated code scanning, vulnerability management, and SBOM frameworks.
  • Deep knowledge of SOC 2 and ISO 27001 compliance frameworks.
  • Proficiency in scripting languages such as Python, PowerShell, or Bash for automation.

Nice to have

  • Experience with cloud-native security, container/Kubernetes hardening, and SIEM integration.
  • Strong communication skills to translate technical security concepts for business and executive audiences.
  • Proactive approach to emerging regulatory requirements in software supply chain security.

Culture & Benefits

  • Major medical, dental, vision, 401k, and statutory sick pay for assignments 13 weeks or longer.
  • Commitment to reasonable accommodations for individuals with disabilities.
  • Participation in E-Verify program as required by law.
  • Equal opportunity employer with consideration for applicants with criminal histories in compliance with relevant laws.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support.