We are seeking a skilled Senior Product Security Engineer with hands-on experience in product security including secure design principles, vulnerability scanning (SAST, SCA, DAST, etc.), penetration testing practices, compliance auditing (SOC 2, ISO 27001), and automation of security processes. The ideal candidate will help strengthen our security posture by identifying vulnerabilities, ensuring compliance, implementing automated security controls, and supporting product security across multiple applications and releases.
Location - Westford, MA / REMOTE
Key Responsibilities
- Perform security scans of source repositories (e.g., on GitHub) using SCA, SAST, DAST, and dependency scanning tools
- Coordinate and support penetration testing (internal and external), including validation of findings and remediation tracking
- Support and manage SOC 2 and ISO 27001 audits, including evidence collection, control validation, and remediation tracking
- Prepare audit-ready documentation and evidence artifacts (e.g., architecture diagrams, hardening guides, control logs, and supporting documentation)
- Design, implement, and maintain security automation workflows (e.g., CI/CD integration, automated scans, and workflow automation)
- Monitor and analyze vulnerabilities, perform contextual risk-based triage, and coordinate remediation with development and DevOps teams
- Validate and reconcile findings across multiple security tools and maintain accurate dashboards and reporting
- Develop and maintain security policies, standards, and procedures aligned with industry best practices
- Collaborate with DevOps teams to integrate secure coding practices and DevSecOps pipelines
- Drive secure SDLC practices, including threat modeling, cyber approval processes, and release security sign-off
- Perform risk assessments and maintain risk registers
- Assist in incident response, root cause analysis, and continuous improvement initiatives
- Support multiple products and concurrent releases, ensuring consistent security posture and release readiness
- Respond to customer cybersecurity questionnaires and inquiries
- Collaborate cross-functionally to address and remediate any cybersecurity issues within policy defined SLA
- Generate, validate, and maintain SBOMs (e.g., CycloneDX, SPDX)
- Support compliance with emerging regulatory requirements (e.g., CRA, supply chain security expectations)
- Manage and validate outputs from SAST, DAST, SCA, and vulnerability management tools
- Maintain data consistency across security platforms and reporting dashboards
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- 5-7 years of experience in cybersecurity or related role
- Hands-on experience with:
  - Code scanning tools (e.g., SonarQube, CodeQL, or similar)
  - SBOM tools and frameworks (e.g., CycloneDX, SPDX, or equivalent)
  - Vulnerability management platforms (e.g., ArmorCode, Qualys, or similar)
- Strong understanding of:
  - SOC 2 compliance framework
  - ISO 27001 standards and controls
  - Secure SDLC practices and threat modeling
  - Vulnerability triage and contextual risk assessment
  - Product security considerations across on-prem and cloud deployments
- Experience with automation and scripting (Python, PowerShell, Bash)
- Knowledge of integrating security controls into CI/CD pipelines
- Familiarity with cloud environments (Azure preferred)
- Understanding of OWASP Top 10 vulnerabilities
- Familiarity with regulatory and industry frameworks (e.g., NIST, CRA, software supply chain security)
Preferred Qualifications
- Experience with DevSecOps practices
- Familiarity with SIEM tools and security monitoring
- Experience with container and Kubernetes security
- Experience supporting customer-facing security reviews or external assessments
- Experience working across multiple products or concurrent releases
- Experience preparing audit evidence and compliance documentation
Soft Skills
- Strong analytical and problem-solving abilities
- Excellent communication and documentation skills
- Ability to work cross-functionally with engineering, compliance, and operations teams
- Proactive mindset with attention to detail
- Ability to translate complex security topics into clear, audit-ready and customer-facing language
Nice-to-Have
- Knowledge of threat modeling frameworks (e.g., STRIDE) and adversary tactics and techniques knowledge bases (e.g., MITRE ATT&CK)
- Experience managing third-party/vendor security assessments
- Experience with SBOM automation or security data aggregation platforms
About MARS Solutions Group:
MARS Solutions Group provides a range of opportunities for meaningful work by understanding that employment fit is a combination of people, process, and technology. We leverage our experienced and compassionate team to bring humanity to matching you with the right advanced technology role, and stay connected with you to help you attain your professional goals.