Senior Product Security Engineer

Trident Consulting

Burlington, MA

Skills (job-board tags)
Amazon Web Services (AWS), Architectural Design, Authentication, Automation, Best Practices, Business Services, Cloud Computing, Code Reviews, Computer Science, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Integration, Cross-Functional, Cryptography, Defense in Depth, DevOps, Docker, Documentation, Dynamic Analysis, Embedded Systems, External Audit, FDA (Food and Drug Administration), FDA Requirements, Fuzz Testing, ISO (International Organization for Standardization), Identity Data Management, Incident Response, Information Technology & Information Systems, International Business, International Electrotechnical Commission (IEC), Internet Security, Leadership, Linux Operating System, Management Strategy, Mentoring, Penetration Testing, Process Management, Product Engineering, Product Lifecycle, Product Positioning, Quality Assurance, Record Keeping, Regulations, Regulatory Compliance, Regulatory Reports, Requirements Management, Risk, Risk Analysis, Risk Management, SDL (Secure Development Lifecycle), SSL/TLS (Secure Sockets Layer / Transport Layer Security), Secure Coding, Security Architecture, Security Design, Software Development Lifecycle (SDLC), Software Engineering, Software Patches, Static Analysis, Supply Chain, Systems Engineering, Test Automation, Test Tools, Threat Modeling, Traceability, U.S. National Institute of Standards and Technology (NIST), Validation Testing
Posted: 30+ days ago
Trident Consulting is seeking a "Senior Product Security Engineer" for one of our clients in Burlington, MA, a global leader in business and technology services.

Job Title: Senior Product Security Engineer
Location: Burlington, Massachusetts (Onsite)
Type: Fulltime Position

Job Summary
The Senior Product Security Engineer is a critical engineering role responsible for leading security initiatives across the entire product lifecycle. This position ensures products comply with regulatory standards and cybersecurity best practices, while providing hands-on expertise and cross-functional leadership across engineering, QA, DevOps, and compliance teams.

Key Responsibilities
1. Security Architecture & Requirements
  • Define security requirements and risk mitigation strategies for products and features
  • Translate standards (FDA, ISO 27001, NIST, OWASP) into actionable requirements
  • Develop and maintain security architecture designs and models
2. Secure Development Lifecycle (SDLC)
  • Embed secure development practices (threat modeling, secure coding, code reviews)
  • Implement secure CI/CD practices (secrets management, dependency management, supply-chain security)
  • Collaborate with DevOps/IT to secure cloud and deployment environments
3. Testing & Validation
  • Support penetration testing, fuzzing, and static/dynamic analysis
  • Manage vulnerability processes including SBOM creation and tracking
  • Integrate automated security testing into QA and release pipelines
4. Documentation & Compliance
  • Prepare pre-market cybersecurity documentation for regulatory submissions
  • Maintain records of risk assessments, vulnerabilities, and remediation
  • Ensure audit-ready documentation and compliance traceability
5. Vulnerability & Incident Management
  • Lead vulnerability assessment and mitigation activities (pre/post-market)
  • Coordinate incident response, remediation, and regulatory reporting
  • Monitor third-party component vulnerabilities
6. Cross-Functional Leadership
  • Act as a Security Subject Matter Expert (SME)
  • Mentor engineering teams on secure design and coding practices
  • Align security strategy with compliance, regulatory, and quality teams

Required Qualifications
  • 7-10 years of experience in software engineering, cybersecurity, or related fields
  • 3-5 years in product/embedded system security (regulated industries preferred)
  • Experience in:
    • Security architecture design for embedded/connected systems
    • Secure Development Lifecycle (SDL) implementation
    • Vulnerability management and disclosure processes
    • Regulatory documentation (FDA, ISO 14971, IEC 81001-5-1)
    • Cross-functional collaboration (Engineering, QA, IT, Regulatory)

Preferred Qualifications
  • Experience as a Product Security Lead / Security POC
  • Experience integrating security automation in CI/CD pipelines
  • Exposure to external audits, penetration testing, third-party assessments

Core Technical Skills
Product Security
  • Secure design principles: least privilege, defense-in-depth, zero trust
  • Risk frameworks: NIST 800-53, NIST 800-30, ISO 27001, ISO 14971, IEC 81001-5-1
  • Cryptography: TLS, encryption, key management, hashing
  • Authentication, authorization, identity & session management
  • Secure coding: OWASP, CERT, MISRA, CWE/SANS Top 25
  • Supply chain security & SBOM (SPDX, CycloneDX)
DevOps & Infrastructure
  • CI/CD security, container security (Docker, Podman)
  • Security tools: SAST, DAST, SCA, fuzzing, pen-testing tools
  • Cloud & infrastructure knowledge (AWS / Linux)
  • Incident response & vulnerability disclosure
Regulatory & Compliance
  • FDA cybersecurity (premarket & postmarket)
  • Patch/update management strategies
  • Audit-ready documentation & traceability

Education
  • Minimum: Bachelor's in Computer Science, Engineering, Cybersecurity, or related field
  • Preferred: Master's in Cybersecurity, Software Engineering, or Systems Engineering

About the Company

Trident Consulting