Senior Product Security Engineer

Remote in Westford, MA, US • Posted 1 hour ago • Updated 1 hour ago
Contract Independent
Contract Corp To Corp
Contract W2
On-site
Fitment

Job Details

Skills

  • SAP
  • Vulnerability Scanning
  • Mergers and Acquisitions
  • GitHub
  • Penetration Testing
  • Hardening
  • Workflow
  • DevOps
  • Incident Management
  • Root Cause Analysis
  • Continuous Improvement
  • Collaboration
  • SLA
  • SCA
  • Reporting
  • Dashboard
  • Computer Science
  • Cyber Security
  • Vulnerability Management
  • Qualys
  • System On A Chip
  • ISO/IEC 27001:2005
  • Software Development Methodology
  • Risk Assessment
  • Scripting
  • Python
  • Windows PowerShell
  • Bash
  • Security Controls
  • Continuous Integration
  • Continuous Delivery
  • Cloud Computing
  • Microsoft Azure
  • OWASP
  • Supply Chain Management
  • DevSecOps
  • SIEM
  • Kubernetes
  • Soft Skills
  • Analytical Skill
  • Conflict Resolution
  • Problem Solving
  • Communication
  • Documentation
  • Regulatory Compliance
  • Attention To Detail
  • Auditing
  • Customer Facing
  • Threat Modeling
  • Management
  • SANS

Summary

MARS Solutions Group is looking for an experienced Senior Product Security Engineer located in Westford, MA. Our client is a building automation industry leader looking for high-quality talent to make a difference. They are known to respect a traditional work week and often extend contracts for added job security and stability.

We are seeking a skilled Senior Product Security Engineer with hands-on experience in product security including secure design principles, vulnerability scanning (SAST, SCA, DAST, etc.), penetration testing practices, compliance auditing (SOC 2, ISO 27001), and automation of security processes. The ideal candidate will help strengthen our security posture by identifying vulnerabilities, ensuring compliance, implementing automated security controls, and supporting product security across multiple applications and releases.

Location - Westford, MA / REMOTE

Key Responsibilities

  • Perform security scans (e.g., GitHub) using SCA, SAST, DAST, and dependency scanning tools
  • Coordinate and support penetration testing (internal and external), including validation of findings and remediation tracking
  • Support and manage SOC 2 and ISO 27001 audits, including evidence collection, control validation, and remediation tracking
  • Prepare audit-ready documentation and evidence artifacts (e.g., architecture diagrams, hardening guides, control logs, and supporting documentation)
  • Design, implement, and maintain security automation workflows (e.g., CI/CD integration, automated scans, and workflow automation)
  • Monitor and analyze vulnerabilities, perform contextual risk-based triage, and coordinate remediation with development and DevOps teams
  • Validate and reconcile findings across multiple security tools and maintain accurate dashboards and reporting
  • Develop and maintain security policies, standards, and procedures aligned with industry best practices
  • Collaborate with DevOps teams to integrate secure coding practices and DevSecOps pipelines
  • Drive secure SDLC practices, including threat modeling, cyber approval processes, and release security sign-off
  • Perform risk assessments and maintain risk registers
  • Assist in incident response, root cause analysis, and continuous improvement initiatives
  • Support multiple products and concurrent releases, ensuring consistent security posture and release readiness
  • Respond to customer cybersecurity questionnaires and inquiries
  • Collaborate cross-functionally to address and remediate any cybersecurity issues within the policy-defined SLA
  • Generate, validate, and maintain SBOMs (e.g., CycloneDX, SPDX)
  • Support compliance with emerging regulatory requirements (e.g., CRA, supply chain security expectations)
  • Manage and validate outputs from SAST, DAST, SCA, and vulnerability management tools
  • Maintain data consistency across security platforms and reporting dashboards

Required Skills & Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
  • 5-7 years of experience in cybersecurity or a related role
  • Hands-on experience with:
    • Code scanning tools (e.g., SonarQube, CodeQL, or similar)
    • SBOM tools and frameworks (e.g., CycloneDX, SPDX, or equivalent)
    • Vulnerability management platforms (e.g., ArmorCode, Qualys, or similar)
  • Strong understanding of:
    • SOC 2 compliance framework
    • ISO 27001 standards and controls
    • Secure SDLC practices and threat modeling
    • Vulnerability triage and contextual risk assessment
    • Product security considerations across on-prem and cloud deployments
  • Experience with automation and scripting (Python, PowerShell, Bash)
  • Knowledge of integrating security controls into CI/CD pipelines
  • Familiarity with cloud environments (Azure preferred)
  • Understanding of OWASP Top 10 vulnerabilities
  • Familiarity with regulatory and industry frameworks (e.g., NIST, CRA, software supply chain security)

Preferred Qualifications

  • Experience with DevSecOps practices
  • Familiarity with SIEM tools and security monitoring
  • Experience with container and Kubernetes security
  • Experience supporting customer-facing security reviews or external assessments
  • Experience working across multiple products or concurrent releases
  • Experience preparing audit evidence and compliance documentation

Soft Skills

  • Strong analytical and problem-solving abilities
  • Excellent communication and documentation skills
  • Ability to work cross-functionally with engineering, compliance, and operations teams
  • Proactive mindset with attention to detail
  • Ability to translate complex security topics into clear, audit-ready and customer-facing language

Nice-to-Have

  • Knowledge of threat modeling frameworks (STRIDE, MITRE ATT&CK)
  • Experience managing third-party/vendor security assessments
  • Experience with SBOM automation or security data aggregation platforms

About MARS Solutions Group:

MARS Solutions Group provides a range of opportunities for meaningful work by understanding that employment fit is a combination of people, process, and technology. We leverage our experienced and compassionate team to bring humanity to matching you with the right advanced technology role, and stay connected with you to help you attain your professional goals.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10275619
  • Position Id: 2026-19879