Senior Product Security Engineer

Burlington, MA
Permanent

Trident Consulting is seeking a Senior Product Security Engineer for one of our clients, a global leader in business and technology services, in Burlington, MA.

Job Title: Senior Product Security Engineer
Location: Burlington, Massachusetts (Onsite)
Type: Full-time Position

Job Summary
The Senior Product Security Engineer is a critical engineering role responsible for leading security initiatives across the entire product lifecycle. This position ensures products comply with regulatory standards and cybersecurity best practices, while providing hands-on expertise and cross-functional leadership across engineering, QA, DevOps, and compliance teams.

Key Responsibilities
1. Security Architecture & Requirements
  • Define security requirements and risk mitigation strategies for products and features
  • Translate standards (FDA, ISO 27001, NIST, OWASP) into actionable requirements
  • Develop and maintain security architecture designs and models
2. Secure Development Lifecycle (SDLC)
  • Embed secure development practices (threat modeling, secure coding, code reviews)
  • Implement secure CI/CD practices (secrets management, dependency management, supply-chain security)
  • Collaborate with DevOps/IT to secure cloud and deployment environments
3. Testing & Validation
  • Support penetration testing, fuzzing, and static/dynamic analysis
  • Manage vulnerability processes including SBOM creation and tracking
  • Integrate automated security testing into QA and release pipelines
4. Documentation & Compliance
  • Prepare pre-market cybersecurity documentation for regulatory submissions
  • Maintain records of risk assessments, vulnerabilities, and remediation
  • Ensure audit-ready documentation and compliance traceability
5. Vulnerability & Incident Management
  • Lead vulnerability assessment and mitigation activities (pre/post-market)
  • Coordinate incident response, remediation, and regulatory reporting
  • Monitor third-party component vulnerabilities
6. Cross-Functional Leadership
  • Act as a Security Subject Matter Expert (SME)
  • Mentor engineering teams on secure design and coding practices
  • Align security strategy with compliance, regulatory, and quality teams

Required Qualifications
  • 7-10 years of experience in software engineering, cybersecurity, or related fields
  • 3-5 years in product/embedded system security (regulated industries preferred)
  • Experience in:
    • Security architecture design for embedded/connected systems
    • Secure Development Lifecycle (SDL) implementation
    • Vulnerability management and disclosure processes
    • Regulatory documentation (FDA, ISO 14971, IEC (phone number removed)-1)
    • Cross-functional collaboration (Engineering, QA, IT, Regulatory)

Preferred Qualifications
  • Experience as a Product Security Lead / Security POC
  • Experience integrating security automation in CI/CD pipelines
  • Exposure to external audits, penetration testing, third-party assessments

Core Technical Skills
Product Security
  • Secure design principles: least privilege, defense-in-depth, zero trust
  • Risk frameworks: NIST 800-53, NIST 800-30, ISO 27001, ISO 14971, IEC (phone number removed)-1
  • Cryptography: TLS, encryption, key management, hashing
  • Authentication, authorization, identity & session management
  • Secure coding: OWASP, CERT, MISRA, CWE/SANS Top 25
  • Supply chain security & SBOM (SPDX, CycloneDX)
DevOps & Infrastructure
  • CI/CD security, container security (Docker, Podman)
  • Security tools: SAST, DAST, SCA, fuzzing, pen-testing tools
  • Cloud & infrastructure knowledge (AWS / Linux)
  • Incident response & vulnerability disclosure
Regulatory & Compliance
  • FDA cybersecurity (premarket & postmarket)
  • Patch/update management strategies
  • Audit-ready documentation & traceability

Education
  • Minimum: Bachelor's in Computer Science, Engineering, Cybersecurity, or related field
  • Preferred: Master's in Cybersecurity, Software Engineering, or Systems Engineering

Job Type: Permanent

Job ID: 254741351