Overview
Remote
On Site
$65 - $72 hourly
Contract - W2
Contract - Temp
Skills
Software Development
Incident Management
OWASP
Network
Security Engineering
Continuous Improvement
Documentation
Reporting
Management
Cyber Security
Risk Management
3D Computer Graphics
Threat Modeling
Software Development Methodology
Security Controls
Product Development
IoT
Slack
JIRA
Confluence
Communication
Collaboration
Attention To Detail
Agile
ServiceNow
SAP GRC
Auditing
Regulatory Compliance
Vulnerability Scanning
Scripting
Python
Windows PowerShell
Bash
Artificial Intelligence
Messaging
Job Details
RESPONSIBILITIES:
Kforce has a client that is seeking a Product Security Risk & Compliance Analyst in San Jose, CA.
Job Summary:
We are seeking a Product Security Risk & Compliance Analyst Contractor to support the ongoing development of cybersecurity risk management capabilities within a leading engineering business unit. This role is ideal for an experienced professional with a strong background in cyber risk governance, product security, and secure software development lifecycles (S-SDLC)-particularly in IoT and network-connected device environments.
This individual will help drive the maturity of the product security risk register, provide expert guidance to risk owners, and support compliance and security incident response readiness. This will be done while ensuring alignment with frameworks and regulatory standards such as MITRE ATT&CK, EMB3D, CVE/CWE, OWASP IoT/AppSec, NIST 2 18, and ETSI IoT.
Responsibilities:
* Serve as a subject matter expert supporting product-focused cyber risk, compliance, and governance initiatives for a broad network device product line
* Collaborate with security, engineering, and product teams to identify, assess, and manage cybersecurity risks related to IoT and networked devices
* Support the development and continuous improvement of a Product Security Risk Register, including documentation of risks, ownership, remediation and mitigation plans, communication, and closure timelines
* Assist in establishing and evolving governance models aligned with internal policies and external standards/regulations
* Support security compliance and audit initiatives, including both company-led and market certification-related efforts
* Assist in coordinating risk response activities for escalated vulnerabilities or product security incidents
* Interface with ServiceNow GRC modules across business units for structured risk tracking and reporting
REQUIREMENTS:
* 8+ years of direct experience in a cybersecurity role
* 3+ years in a cybersecurity risk analyst or governance role
* Hands-on experience with risk management programs, product security assessments, and compliance frameworks
* Working knowledge of CVE and CWE scoring systems and cyber risk scoring methodologies
* Familiarity with MITRE ATT&CK, EMB3D, and threat modeling
* Solid understanding of secure SDLC practices and integrating security controls into product development
* Strong understanding of IoT and networked device security threats, vulnerabilities, controls, and mitigations
* Excellent communication skills with the ability to translate complex cyber risks into actionable business insights
* Familiarity with Slack/Teams, Jira, and Confluence
* Strong organizational, communication, and cross-functional collaboration skills
* Highly detail-oriented, with the ability to translate between technical depth and business impact
* Comfortable working independently in fast-paced, agile environments
* Adept at translating technical risks into business and compliance context
Preferred:
* Hands-on experience with ServiceNow (especially GRC modules)
* Experience supporting product certifications, internal audits, or regulatory compliance
* Experience contributing to security quality feedback loops within product teams
* Experience developing or applying cyber risk scoring frameworks to assessment findings
* Exposure to vulnerability scanning tools and manual security assessments
* Moderate scripting skills (e.g., Python, PowerShell, Bash) for automation or analysis
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Kforce has a client that is seeking a Product Security Risk & Compliance Analyst in San Jose, CA.
Job Summary:
We are seeking a Product Security Risk & Compliance Analyst Contractor to support the ongoing development of cybersecurity risk management capabilities within a leading engineering business unit. This role is ideal for an experienced professional with a strong background in cyber risk governance, product security, and secure software development lifecycles (S-SDLC)-particularly in IoT and network-connected device environments.
This individual will help drive the maturity of the product security risk register, provide expert guidance to risk owners, and support compliance and security incident response readiness. This will be done while ensuring alignment with frameworks and regulatory standards such as MITRE ATT&CK, EMB3D, CVE/CWE, OWASP IoT/AppSec, NIST 2 18, and ETSI IoT.
Responsibilities:
* Serve as a subject matter expert supporting product-focused cyber risk, compliance, and governance initiatives for a broad network device product line
* Collaborate with security, engineering, and product teams to identify, assess, and manage cybersecurity risks related to IoT and networked devices
* Support the development and continuous improvement of a Product Security Risk Register, including documentation of risks, ownership, remediation and mitigation plans, communication, and closure timelines
* Assist in establishing and evolving governance models aligned with internal policies and external standards/regulations
* Support security compliance and audit initiatives, including both company-led and market certification-related efforts
* Assist in coordinating risk response activities for escalated vulnerabilities or product security incidents
* Interface with ServiceNow GRC modules across business units for structured risk tracking and reporting
REQUIREMENTS:
* 8+ years of direct experience in a cybersecurity role
* 3+ years in a cybersecurity risk analyst or governance role
* Hands-on experience with risk management programs, product security assessments, and compliance frameworks
* Working knowledge of CVE and CWE scoring systems and cyber risk scoring methodologies
* Familiarity with MITRE ATT&CK, EMB3D, and threat modeling
* Solid understanding of secure SDLC practices and integrating security controls into product development
* Strong understanding of IoT and networked device security threats, vulnerabilities, controls, and mitigations
* Excellent communication skills with the ability to translate complex cyber risks into actionable business insights
* Familiarity with Slack/Teams, Jira, and Confluence
* Strong organizational, communication, and cross-functional collaboration skills
* Highly detail-oriented, with the ability to translate between technical depth and business impact
* Comfortable working independently in fast-paced, agile environments
* Adept at translating technical risks into business and compliance context
Preferred:
* Hands-on experience with ServiceNow (especially GRC modules)
* Experience supporting product certifications, internal audits, or regulatory compliance
* Experience contributing to security quality feedback loops within product teams
* Experience developing or applying cyber risk scoring frameworks to assessment findings
* Exposure to vulnerability scanning tools and manual security assessments
* Moderate scripting skills (e.g., Python, PowerShell, Bash) for automation or analysis
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.