Jobs · Information Technology

Senior Product Security Engineer

MARS Solutions Group · United States · 1 wk ago
RemoteRemoteInformation TechnologyFull-time

Key Responsibilities

  • Perform security scans (e.g., GitHub) using SCA, SAST, DAST, and dependency scanning tools
  • Coincide and support penetration testing (internal and external), including validation of findings and remediation tracking
  • Support and manage SOC 2 and ISO 27001 audits, including evidence collection, control validation, and remediation tracking
  • Prepare audit-ready documentation and evidence artifacts (e.g., architecture diagrams, hardening guides, control logs, and supporting documentation)
  • Design, implement, and maintain security automation workflows (e.g., CI/CD integration, automated scans, and workflow automation)
  • Monitor and analyze vulnerabilities, perform contextual risk-based triage, and coordinate remediation with development and DevOps teams
  • Validate and reconcile findings across multiple security tools and maintain accurate dashboards and reporting
  • Develop and maintain security policies, standards, and procedures aligned with industry best practices
  • Collaborate with DevOps teams to integrate secure coding practices and DevSecOps pipelines
  • Drive secure SDLC practices, including threat modeling, cyber approval processes, and release security sign-off
  • Perform risk assessments and maintain risk registers
  • Assist in incident response, root cause analysis, and continuous improvement initiatives
  • Support multiple products and concurrent releases, ensuring consistent security posture and release readiness
  • Respond to customer cybersecurity questionnaires and inquiries
  • Collaborate cross-functionally to address and remediate any cybersecurity issues within policy defined SLAG

Required Skills & Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
  • 5-7 years of experience in cybersecurity or related role
  • Hands-on experience with: Code scanning tools (e.g., SonarQube, CodeQL, or similar), SBOM tools and frameworks (e.g., CycloneDX, SPDX, or equivalent), Vulnerability management platforms (e.g., ArmorCode, Qualys, or similar)
  • Strong understanding of: SOC 2 compliance framework, ISO 27001 standards and controls, Secure SDLC practices and threat modeling, Vulnerability triage and contextual risk assessment, Product security considerations across on-prem and cloud deployments
  • Experience with automation and scripting (Python, PowerShell, Bash)
  • Knowledge of integrating security controls into CI/CD pipelines
  • Familiarity with cloud environments (Azure preferred)
  • Understanding of OWASP Top 10 vulnerabilities
  • Knowledge of regulatory and industry frameworks (e.g., NIST, CRA, software supply chain security)

Preferred Qualifications

  • Experience with DevSecOps practices
  • Familiarity with SIEM tools and security monitoring
  • Experience with container and Kubernetes security
  • Experience supporting customer-facing security reviews or external assessments
  • Experience working across multiple products or concurrent releases
  • Experience preparing audit evidence and compliance documentation

Soft Skills

  • Strong analytical and problem-solving abilities
  • Excellent communication and documentation skills
  • Ability to work cross-functionally with engineering, compliance, and operations teams
  • Proactive mindset with attention to detail
  • Ability to translate complex security topics into clear, audit-ready and customer-facing language

Nice-to-Have

  • Knowledge of threat modeling frameworks (STRIDE, MITRE ATT&CK)
  • Experience managing third-party/vendor security assessments
  • Experience with SBOM automation or security data aggregation platforms

Similar jobs