Job Title

Role Information:Job Title: Product Security EngineerWork Location: Fully remote position, home officeEmployment Type: Full-timeEmployment Status: Exempt, salariedVisa sponsorship is not available for this position.Must reside in the United States.We are not accepting applicants for remote workers in California, Illinois, and New York at this pensation:$133,000-$172,000/year depending on years of experienceRole Overview:As a Product Security Engineer, you will own product security across all Cutsforth offerings, including cloud software, on-prem deployments, embedded systems, and IoT hardware. This role is responsible for defining, implementing, and governing product security controls throughout the full product lifecycle; from device manufacturing and firmware through cloud services, APIs, and customer-facing applications. Product & Platform Scope: This role is responsible for product security across: Foresight (cloud-hosted, multi-tenant analytics platform) Cortex (internal R&D and ML experimentation environment) InsightCM (on-prem and hybrid industrial monitoring systems) Embedded and low-cost hardware devices, including firmware, device identity, encryption, and secure communications Key Responsibilities:Embed security best practices, such as encryption and authentication, directly into new products as part of the architecture and design process. Identify vulnerabilities and security gaps during the design phase to present exploitation. Define and enforce secure device architecture, including secure boot, hardware root of trust, device identity, and certificate-based authentication Own firmware security, including signing, update mechanisms, rollback protection, and vulnerability remediation Design and govern end-to-end encryption strategies spanning device, edge, and cloud Establish security requirements for low-cost hardware, balancing risk, cost, and operational constraints Conduct threat modeling for embedded systems, IoT protocols, and physical attack surfaces Partner with hardware, firmware, and manufacturing vendors to ensure supply-chain security controls Own product security incident response, including vulnerability triage, remediation coordination, customer communication, and post-incident reviews Manage coordinated vulnerability disclosure and CVE processes where applicable Lead Product Lifecycle Management security initiatives from concept throughout development, release and maintenance. Conduct product security testing and oversee penetration testing, vulnerability scans and code reviews. Define the product security strategic roadmap, goals, priorities, features and align product security with business objectives. Required Qualifications:Successfully pass background check for cybersecurity site access. 7-15 years of hands-on cyber security experience within the software development lifecycle, including implementation of security controls, vulnerability management, or cloud security Hands on experience with programming languages like Python, Java, C++, or Go. Mastery of security tools like Burp Suite, Checkmarx, or SonarQube. Security Frameworks - solid understanding of OWASP Top 10, NIST and SOC2 compliance Specific familiarity with the NIST SSDF (SP 800-218) standard and experience developing products to meet requirements in this standard Experience with Azure 7+ years of experience with scripting automation for security tasks using Python Practical experience with at least one major SIEM - Splunk Strong analytical and problem-solving skills Ability to clearly communicate technical risks and recommendations to both technical and non-technical stakeholders. Detail orientated with good documentation habits. Bachelors degree in computer science or cyber security or related field Preferred Qualifications:CompTIASecurity+, CompTIA CYSA+, CompTIA PenTest+ or CEH preferred CISSP OSCP Experience securing embedded systems, IoT devices, or industrial control systems Familiarity with device authentication, PKI, and certificate lifecycle management Understanding of common IoT protocols (MQTT, HTTPS, AMQP, or similar) Other Qualifications:Successfully pass background check for cybersecurity access requirements.Cybersecurity Role Expectations:Candidate will be responsible for reviewing policies and procedures related to cybersecurity and those relevant to the functions of their role.Candidate is expected to maintain a cybersecure work environment.Physical Requirements:Must be able to sit and stand for extended periods of time.Must be able to use hands to type, handle products, tools and navigate a computer keyboard.Must be able to view computer screen for extended periods of time.Specific vision abilities required by this job include close vision and distance vision.Benefits:Medical, Vision, Dental InsuranceHealth Savings Account with Employer contributions401(k) with Employer matchShort-term & Long-term Disability CoverageAccidental Death & Dismemberment CoverageLife Insurance Coverage80 hours of Paid-Time-Off annuallyEight paid holidays per yearAll other benefits required by applicable law Alignment with Corporate ValuesnnAll Cutsforth employees are expected to perform their work in a manner that exhibits understanding and adherence to the Company Mission and Core Attributes of Cutsforth Employees. Employees in management roles must exhibit continual improvement along Cutsforths Leadership Traits. Further, each employee must read and adhere to corporate policies and safety protocols.nnntLearn more about Cutsforth here: