Product Security R&D Engineer

  • Lincoln Electric
  • Euclid, OH
  • Posted 14 days ago | Updated 5 hours ago

Overview

On Site
Compensation information provided in the description
Full Time

Skills

Engineering Design
Assembly
Soldering
Welding
Materials Science
Manufacturing
System Integration
Network
Sales
Risk Assessment
Security Analysis
Program Development
Product Development
Security Architecture
Design Analysis
Documentation
Data Flow
Security Controls
Automated Testing
Training
Risk Management
Management
Workflow
Testing
DevOps
Research and Development
Incident Management
Penetration Testing
Product Management
Regulatory Compliance
Auditing
Conflict Resolution
Problem Solving
Innovation
Computer Science
Electrical Engineering
Agile
Scrum
Threat Modeling
Vulnerability Management
PKI
C
C++
Python
Java
Embedded Systems
Firmware
TPM
Total Productive Maintenance
Authentication
Embedded Linux
Real-time
Operating Systems
RTOS
Cloud Computing
API
IoT
Software Development
OWASP
Continuous Integration
Continuous Delivery
DevSecOps
Information Systems
CISSP
Software Development Methodology
Cyber Security
Communication
Collaboration
Law

Job Details

Lincoln Electric is the world leader in the engineering, design, and manufacturing of advanced arc welding solutions, automated joining, assembly and cutting systems, and plasma and oxy-fuel cutting equipment, and has a leading global position in brazing and soldering alloys. Lincoln is recognized as the Welding Expert for its leading materials science, software development, automation engineering, and application expertise, which advance customers' fabrication capabilities to help them build a better world. Headquartered in Cleveland, Ohio, Lincoln Electric is a $4.2B publicly traded company (NASDAQ:LECO) with over 12,000 employees around the world and operations in 71 manufacturing and automation system integration locations across 21 countries. It maintains a worldwide network of distributors and sales offices serving customers in over 160 countries.

Location: Euclid - 22801
Employment Status: Salary Full-Time
Function: Engineering
Pay Range: ($88,600.00 - $146,200.00)
Target Bonus: %
Req ID: 27085

Purpose

Lincoln Electric is seeking a skilled and motivated Product Cybersecurity Engineer to lead the development and implementation of a comprehensive product security program within the R&D department. This role will be instrumental in enhancing the cybersecurity posture of our software-driven products, including embedded systems and cloud-connected platforms. The ideal candidate will enhance R&D capabilities to identify and mitigate security risks, embed security best practices into every phase of the Secure Software Development Lifecycle (SSDLC), standardize threat modeling and risk assessment practices, and work cross-functionally with IT to address key gaps identified in our product security assessment.

Job Duties and Responsibilities

Program Development and Governance
  • Establish and operationalize a formal Product Security Program aligned with corporate SDLC and Secure Design standards and best practices
  • Collaborate with engineering, IT, and compliance teams to define and enforce security requirements across product lines
  • Develop and maintain security policies, procedures, and technical standards for product development
  • Stay current with emerging security threats, vulnerabilities, and mitigation techniques and update/evolve program and governance accordingly

Threat Modeling and Secure Design
  • Lead and standardize threat modeling activities using methodologies such as STRIDE, PASTA, or LINDDUN
  • Assist with security architecture reviews and design analysis for new and existing products
  • Standardize guidelines for documentation of data flows, trust boundaries, attack surfaces, and security controls

Secure Development Lifecycle Integration
  • Operationalize a formal Secure Development Lifecycle by integrating security tools and practices (e.g., SAST, DAST, SBOM, secrets scanning) into CI/CD pipelines
  • Ensure secure coding practices are followed and validated through peer reviews and automated testing
  • Support the development of secure signing, secure boot, and credential management processes
  • Provide guidance on secure coding practices and conduct security training for developers
  • Develop and maintain security tools, libraries, and automation to support secure development practices


Vulnerability and Risk Management
  • Implement and manage vulnerability tracking, CVE remediation workflows, and SBOM maintenance
  • Coordinate with Testing and DevOps teams to ensure timely patching and secure deployment practices
  • Represent R&D in incident response planning and product-related security investigations
  • Participate in security assessments, including penetration testing and third-party audits

Customer and Compliance Enablement
  • Work with Product Management to establish standards for various product segments
  • Ensure compliance with relevant standards and regulations (e.g., NIST, CCPA, GDPR, EU CRA, Trust Mark)
  • Support audits, assessments, and customer security inquiries
  • Interpret evolving cybersecurity threats, regulatory changes, and industry trends to improve product security strategy

Strategic Problem Solving and Innovation
  • Analyze technical and organizational challenges across product lines and propose scalable, secure solutions
  • Collaborate with cross-functional teams to identify systemic issues and recommend best practices that align with business goals


Basic Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Electrical Engineering, or related field.
  • 8+ years of experience in cybersecurity, with at least 2 years focused on product or embedded system security.
  • Experience working in Agile/Scrum environments and familiarity with DevSecOps practices.
  • Proficiency in threat modeling, secure coding, and vulnerability management.
  • Hands-on experience with security tools such as SAST/DAST scanners, SBOM generators, and PKI systems.
  • Familiarity with secure coding in C/C++, Python, Java, and embedded systems languages.
  • Understanding of secure boot, firmware signing, and TPM-based authentication.
  • Experience with embedded Linux, Yocto, and real-time operating systems (RTOS).
  • Familiarity with cloud-native security, API security, and IoT device protection.
  • Strong understanding of secure software development practices and common vulnerabilities (e.g., OWASP Top 10).
  • Familiarity with CI/CD pipelines and DevSecOps practices.
  • Certifications (Preferred): Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or equivalent cybersecurity certifications.
  • Strong communication and collaboration skills across technical and non-technical teams.
  • Ability to lead cross-functional initiatives and drive cultural change around security.


Lincoln Electric is an Equal Opportunity Employer. We are committed to promoting equal employment opportunity for applicants, without regard to their race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), sexual orientation, gender identity, age, veteran status, disability, genetic information, and any other category protected by federal, state, or local law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.