Staff Product Security Engineers
Find your job at www.LoveYourJob.com
Job Title: Staff Product Security Engineer
Location: Andover, MA
Duration: 12-18+ Months
POST-OFFER BACKGROUND CHECK IS REQUIRED. An essential function of this job is physical attendance. Digital Prospectors is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
As an active member of cross-functional product development teams, this role is responsible for all program cybersecurity deliverables. Participating in architecture/design reviews and threat modeling duties, helping to discover risks in new and existing products/systems. Working with engineering teams on how to optimally address individual cybersecurity vulnerabilities identified during threat modeling and other review activities. Complying with all internal and external processes.
1 Conducting periodic Nessus scans and reporting results to keep DoD RMF certification. Performing both pre- and post-release threat/vulnerability testing (pen/fuzz/etc.), seeking unmitigated cybersecurity threats/vulnerabilities in products.
2 Creating and releasing all program cybersecurity docs required by company process, and developing Manufacturer Disclosure Statements for Medical Device Security (MDS2) documents. Developing responses to customer-requested cybersecurity documents/inquiries.
3 Performing all work in compliance with all internal/external cybersecurity processes and regulations.
4 Reviewing the Software Bill of Materials (SBOM), seeking newer versions of listed software items. For new versions, reviewing/evaluating updates to discover any released items that point to security vulnerabilities. Scoring and documenting the results.
6 Drafting customer cybersecurity advisories when new vulnerabilities are found in released products and the company is required to give notice of such vulnerabilities.
7 Participating in post-market release team reviews of complaints, providing ideas on severity/probability scoring for each item found.
Education: Bachelor of Science in relevant areas such as Cybersecurity, Computer Science, etc.
* Three to five years of practical application security work experience, which includes some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering.
* Familiarity with scanning tools - Nessus
* Prototyping ability – the skill to demonstrate feasibility with short notice
* Background using the Microsoft Threat Modeling tool
* Strong attention to detail, quality, and customer satisfaction.
* Strong analytical, organizational, and technical writing skills.
* Windows and Linux operating systems knowledge
Special Competencies or Certifications:
* CompTIA Security+/CISSP/CEH
Make this your next career move as one of our many long-term contractors or employees!
Work as our full-time employee with full benefits (Medical, Dental, Vision, STD, LTD, PTO, Retirement, etc.) - OR - work as a W2 hourly contractor at a higher pay rate if you don't need the benefit package.
ABOUT DIGITAL PROSPECTORS:
Founded in 1999, Digital Prospectors is an award-winning recruiting and consulting firm that specializes in placing contract, contract-to-hire and direct hire engineers into rewarding opportunities with our impressive and ever-growing client base. We believe that all people should love their jobs.
Come see why Digital Prospectors has been voted "Best Staffing Firm to Temp For" by Staffing Industry Analysts, "Best of Staffing" for candidate satisfaction by Inavero / CareerBuilder.com, "Top Temporary Placement Firm" by Boston Business Journal, "Best Company To Work For" by Business NH magazine, "Excellence in IT and Engineering Staffing" by TechServe Alliance, "Top IT Services Company" by Inc. Magazine, "Most Reliable Staffing Agency" in Forbes Magazine and "Top Ranked Staffing Firm" by Staffing Industry Analysts.