Cybersecurity PSIRT Engineer

Overview

Remote
On Site
$65 - $72 hourly
Contract - W2
Contract - Temp

Skills

Technical Analysis
Computer Hardware
Routers
Switches
Collaboration
Research
Incident Management
Risk Assessment
Testing
Modeling
Workflow
Threat Analysis
Atlassian
JIRA
Confluence
Slack
Cyber Security
Vulnerability Management
Firmware Development
Security Analysis
Vulnerability Assessment
Software Development
Dynamic Testing
Management
3D Computer Graphics
Threat Modeling
IoT
Embedded Systems
Security Architecture
Firmware
Wireless Communication
ROOT
Artificial Intelligence
Messaging

Job Details

RESPONSIBILITIES:
Kforce has a client that is seeking a Cybersecurity PSIRT Engineer in San Jose, CA.

Key Responsibilities:
* Lead or assist in the triage, technical analysis, severity scoring, remediation coordination, and coordinated disclosure processes for product security vulnerabilities
* Investigate and manage hardware and firmware-related security vulnerabilities across hardware products (e.g., routers, switches, IoT devices)
* Perform code analysis and vulnerability reproduction testing to identify potential security issues
* Collaborate cross-functionally with engineering, threat intelligence, incident response, and vulnerability research teams to analyze, triage, and resolve firmware vulnerabilities
* Support the full lifecycle of incident response: detection, analysis, containment, mitigation, and postmortem
* Conduct impact and risk assessments on vulnerability submissions to inform appropriate prioritization and response actions
* Contribute to the security quality feedback loop by ensuring lessons learned from incidents and vulnerabilities inform secure development practices, testing, and tooling
* Develop and maintain threat intelligence feeds relevant to our product and device ecosystem
* Support the creation of attack surface maps and device risk modeling profiles, aligned with MITRE ATT&CK, EMB3D, and internal threat models
* Apply and interpret CVE, CVSS, CWE, and CWSS scoring to measure and communicate risk
* Author internal reports, vulnerability advisories, and coordinate with external researchers and CERTs when needed
* Develop and refine internal tools, frameworks, and processes in support of work processes and activities
* Document incident workflows, threat analyses, and remediation guidance in Atlassian tools (Jira, Confluence) and coordinate via Slack

REQUIREMENTS:
* Bachelor's degree in Computer Engineering, Computer Science, Cybersecurity, or related field
* 4-8+ years in cybersecurity, with experience in product security, PSIRT, or vulnerability management, ideally in an embedded or device-centric environment
* 3+ years of experience in embedded systems or firmware development, security research, or vulnerability analysis
* Experience with secure software development lifecycles, fuzzing, or static/dynamic analysis tooling
* Working experience with bug bounty operations and direct researcher interaction
* Solid understanding of common vulnerability types (buffer overflows, privilege escalations, etc.) in low-level code
* Familiar with MITRE ATT&CK and EMB3D frameworks, and how to apply them to threat modeling or response
* Proficient in IoT/embedded systems security architecture (firmware, trust anchors, bootloaders, secure boot, memory safety, and wireless protocols)
* Skilled in vulnerability triage, severity scoring (CVSS, CWE/CWSS), and root cause identification
* Able to replicate and assess exploitability and business impact of submitted vulnerabilities

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Kforce Technology Staffing