Jobs · Information Technology · California

Cybersecurity Engineer, Product Security

CHAOS Industries · San Francisco, CA · 4 wk ago
On-siteInformation TechnologyFull-time

Role Overview

The ideal candidate will lead security efforts for CHAOS Industries' next-generation sensor platforms and supporting software ecosystems, working closely with various engineering teams.

Responsibilities

  • Product Security Engineering
  • Design and implement secure software and hardware system architectures for mission-critical platforms and supporting infrastructure
  • Partner with engineering teams to integrate security requirements throughout the software development lifecycle (SDLC)
  • Conduct architecture reviews and identify security risks across software, embedded, cloud, and hardware systems
  • Develop secure design standards, engineering guidance, and product security best practices
  • Support secure development initiatives including code review, dependency management, secrets management, and vulnerability remediation
  • Threat Modeling & Risk Assessment
  • Lead threat modeling exercises for software, embedded systems, hardware platforms, and supporting infrastructure
  • Conduct cybersecurity risk assessments for products, systems, and operational environments
  • Identify attack surfaces, trust boundaries, and potential exploitation paths
  • Work with engineering teams to prioritize and remediate identified security risks
  • Develop mitigation strategies for cybersecurity threats impacting deployed systems and sensitive technologies
  • Compliance & Security Authorization
  • Support cybersecurity compliance initiatives and product authorization efforts including:
    • RMF (Risk Management Framework)
    • ATO (Authority to Operate)
    • Export control and regulated data handling requirements
    • Aid in the development of system security documentation, security controls, SSPs, and assessment artifacts
    • Support internal and external security audits, assessments, and accreditation activities
    • Collaborate with government, customer, and program stakeholders on security requirements and authorization activities
  • Security Testing & Validation
  • Assist with security testing activities including vulnerability assessments, penetration testing coordination, and validation of remediation efforts
  • Support secure configuration and hardening efforts across software, operating systems, and embedded environments
  • Review software and system telemetry to identify potential security weaknesses or anomalous behavior
  • Collaborate with Security Operations and Infrastructure teams to improve enterprise and product security visibility
  • Cross-Functional Collaboration
  • Work closely with Software, Embedded, Hardware, DevOps, and Infrastructure teams to balance security, performance, and operational requirements
  • Contribute to the development of scalable product security processes and governance
  • Support customer and internal security reviews related to deployed technologies and operational environments
  • Mentor engineering teams on secure development and security-by-design principles

Minimum Requirements

  • 5+ years of experience in cybersecurity engineering, product security, application security, or related engineering roles
  • Experience with software security design and secure system architecture principles
  • Hands-on experience conducting threat modeling and cybersecurity risk assessments
  • Knowledge of secure software development lifecycle (SSDLC) practices and application security concepts
  • Familiarity with cybersecurity frameworks and compliance standards including:
    • RMF
    • NIST 800-53
    • NIST 800-171
    • CMMC
    • DFARS
  • Experience supporting security authorization activities such as ATO processes and security documentation development, and eMASS
  • Understanding of cloud, endpoint, network, and identity security concepts
  • Strong analytical, troubleshooting, and technical communication skills
  • Ability to operate effectively in a fast-paced startup environment
  • Must be a U.S. Citizen eligible for government facilities and sensitive information
  • Ability to obtain additional security clearances as required by contract

Preferred Requirements

  • Active Security Clearance
  • Experience supporting defense, aerospace, government contracting, or regulated technology environments
  • Experience securing embedded systems, sensor platforms, or edge computing technologies
  • Familiarity with export control requirements including ITAR and EAR
  • Experience with secure DevSecOps pipelines and automation practices
  • Experience with Microsoft GCC High environments and regulated cloud architectures
  • Firmware development experience
  • Bios/UEFI security or development experience
  • Hardware security design experience
  • Trusted Platform Module (TPM), secure boot, cryptographic hardware, or supply chain security knowledge
  • Experience with scripting or automation using Python, PowerShell, or Bash
  • Security certifications such as CISSP, CSSLP, GSEC, Security+, or equivalent

Benefits

Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
Our Perks: Free daily lunch, 'No meeting Fridays', unlimited PTO, casual dress code
Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
Team Growth: 250 employees and counting across 5 global offices

Similar jobs