Our client is looking for a Product Security Engineer to join its Office of Product Safety and Security (OPSS). This role is part of the Product Security Incident Response Team (PSIRT), which manages product security vulnerabilities and coordinates resolution and disclosure efforts.
The ideal candidate will have a background in cybersecurity and an interest or experience in OT product environments or incident response. You'll work closely with internal teams, external researchers, and industry partners to address reported vulnerabilities and improve overall product security.
Required Experience:
- 3+ years in cybersecurity, vulnerability management, or a related role
- Experience working with OT (Operational Technology) device automation systems
- Familiarity with vulnerability management platforms
- Understanding of common security vulnerabilities and mitigation techniques
- Experience coordinating responses to security incidents and vulnerabilities
- Strong analytical and problem-solving skills
- Excellent communication and collaboration abilities
- Ability to work effectively in cross-functional teams
Preferred Experience:
- Experience on a PSIRT (Product Security Incident Response Team)
- Knowledge of public vulnerability disclosure processes and CNA (CVE Numbering Authority) guidelines
- Experience administering or supporting bug bounty programs
- Familiarity with incident response procedures and coordination practices
- Relevant cybersecurity certifications (e.g., CEH, OSCP, GCIH)
- Understanding of regulatory and industry standards (e.g., ISA/IEC 62443, NIST 800-82, ISO 27001/27017, NIS2, CRA, CIP Security)
- Experience coordinating with external researchers and third-party reporting bodies (e.g., CISA, national CERTs)