Senior Product Security Engineer
MARS Solutions Group · United States · 1 wk ago
RemoteRemoteInformation TechnologyFull-time
Key Responsibilities
- Perform security scans (e.g., GitHub) using SCA, SAST, DAST, and dependency scanning tools
- Coincide and support penetration testing (internal and external), including validation of findings and remediation tracking
- Support and manage SOC 2 and ISO 27001 audits, including evidence collection, control validation, and remediation tracking
- Prepare audit-ready documentation and evidence artifacts (e.g., architecture diagrams, hardening guides, control logs, and supporting documentation)
- Design, implement, and maintain security automation workflows (e.g., CI/CD integration, automated scans, and workflow automation)
- Monitor and analyze vulnerabilities, perform contextual risk-based triage, and coordinate remediation with development and DevOps teams
- Validate and reconcile findings across multiple security tools and maintain accurate dashboards and reporting
- Develop and maintain security policies, standards, and procedures aligned with industry best practices
- Collaborate with DevOps teams to integrate secure coding practices and DevSecOps pipelines
- Drive secure SDLC practices, including threat modeling, cyber approval processes, and release security sign-off
- Perform risk assessments and maintain risk registers
- Assist in incident response, root cause analysis, and continuous improvement initiatives
- Support multiple products and concurrent releases, ensuring consistent security posture and release readiness
- Respond to customer cybersecurity questionnaires and inquiries
- Collaborate cross-functionally to address and remediate any cybersecurity issues within policy defined SLAG
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- 5-7 years of experience in cybersecurity or related role
- Hands-on experience with: Code scanning tools (e.g., SonarQube, CodeQL, or similar), SBOM tools and frameworks (e.g., CycloneDX, SPDX, or equivalent), Vulnerability management platforms (e.g., ArmorCode, Qualys, or similar)
- Strong understanding of: SOC 2 compliance framework, ISO 27001 standards and controls, Secure SDLC practices and threat modeling, Vulnerability triage and contextual risk assessment, Product security considerations across on-prem and cloud deployments
- Experience with automation and scripting (Python, PowerShell, Bash)
- Knowledge of integrating security controls into CI/CD pipelines
- Familiarity with cloud environments (Azure preferred)
- Understanding of OWASP Top 10 vulnerabilities
- Knowledge of regulatory and industry frameworks (e.g., NIST, CRA, software supply chain security)
Preferred Qualifications
- Experience with DevSecOps practices
- Familiarity with SIEM tools and security monitoring
- Experience with container and Kubernetes security
- Experience supporting customer-facing security reviews or external assessments
- Experience working across multiple products or concurrent releases
- Experience preparing audit evidence and compliance documentation
Soft Skills
- Strong analytical and problem-solving abilities
- Excellent communication and documentation skills
- Ability to work cross-functionally with engineering, compliance, and operations teams
- Proactive mindset with attention to detail
- Ability to translate complex security topics into clear, audit-ready and customer-facing language
Nice-to-Have
- Knowledge of threat modeling frameworks (STRIDE, MITRE ATT&CK)
- Experience managing third-party/vendor security assessments
- Experience with SBOM automation or security data aggregation platforms