Cybersecurity Engineer, Product Security
CHAOS Industries · San Francisco, CA · 4 wk ago
On-siteInformation TechnologyFull-time
Role Overview
The ideal candidate will lead security efforts for CHAOS Industries' next-generation sensor platforms and supporting software ecosystems, working closely with various engineering teams.
Responsibilities
- Product Security Engineering
- Design and implement secure software and hardware system architectures for mission-critical platforms and supporting infrastructure
- Partner with engineering teams to integrate security requirements throughout the software development lifecycle (SDLC)
- Conduct architecture reviews and identify security risks across software, embedded, cloud, and hardware systems
- Develop secure design standards, engineering guidance, and product security best practices
- Support secure development initiatives including code review, dependency management, secrets management, and vulnerability remediation
- Threat Modeling & Risk Assessment
- Lead threat modeling exercises for software, embedded systems, hardware platforms, and supporting infrastructure
- Conduct cybersecurity risk assessments for products, systems, and operational environments
- Identify attack surfaces, trust boundaries, and potential exploitation paths
- Work with engineering teams to prioritize and remediate identified security risks
- Develop mitigation strategies for cybersecurity threats impacting deployed systems and sensitive technologies
- Compliance & Security Authorization
- Support cybersecurity compliance initiatives and product authorization efforts including:
- RMF (Risk Management Framework)
- ATO (Authority to Operate)
- Export control and regulated data handling requirements
- Aid in the development of system security documentation, security controls, SSPs, and assessment artifacts
- Support internal and external security audits, assessments, and accreditation activities
- Collaborate with government, customer, and program stakeholders on security requirements and authorization activities
- Security Testing & Validation
- Assist with security testing activities including vulnerability assessments, penetration testing coordination, and validation of remediation efforts
- Support secure configuration and hardening efforts across software, operating systems, and embedded environments
- Review software and system telemetry to identify potential security weaknesses or anomalous behavior
- Collaborate with Security Operations and Infrastructure teams to improve enterprise and product security visibility
- Cross-Functional Collaboration
- Work closely with Software, Embedded, Hardware, DevOps, and Infrastructure teams to balance security, performance, and operational requirements
- Contribute to the development of scalable product security processes and governance
- Support customer and internal security reviews related to deployed technologies and operational environments
- Mentor engineering teams on secure development and security-by-design principles
Minimum Requirements
- 5+ years of experience in cybersecurity engineering, product security, application security, or related engineering roles
- Experience with software security design and secure system architecture principles
- Hands-on experience conducting threat modeling and cybersecurity risk assessments
- Knowledge of secure software development lifecycle (SSDLC) practices and application security concepts
- Familiarity with cybersecurity frameworks and compliance standards including:
- RMF
- NIST 800-53
- NIST 800-171
- CMMC
- DFARS
- Experience supporting security authorization activities such as ATO processes and security documentation development, and eMASS
- Understanding of cloud, endpoint, network, and identity security concepts
- Strong analytical, troubleshooting, and technical communication skills
- Ability to operate effectively in a fast-paced startup environment
- Must be a U.S. Citizen eligible for government facilities and sensitive information
- Ability to obtain additional security clearances as required by contract
Preferred Requirements
- Active Security Clearance
- Experience supporting defense, aerospace, government contracting, or regulated technology environments
- Experience securing embedded systems, sensor platforms, or edge computing technologies
- Familiarity with export control requirements including ITAR and EAR
- Experience with secure DevSecOps pipelines and automation practices
- Experience with Microsoft GCC High environments and regulated cloud architectures
- Firmware development experience
- Bios/UEFI security or development experience
- Hardware security design experience
- Trusted Platform Module (TPM), secure boot, cryptographic hardware, or supply chain security knowledge
- Experience with scripting or automation using Python, PowerShell, or Bash
- Security certifications such as CISSP, CSSLP, GSEC, Security+, or equivalent
Benefits
Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
Our Perks: Free daily lunch, 'No meeting Fridays', unlimited PTO, casual dress code
Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
Team Growth: 250 employees and counting across 5 global offices