[Remote] Senior Product Security Engineer
Note: This is a remote position open to candidates in the USA. MARS Solutions Group is looking for an experienced Senior Product Security Engineer located in Westford, MA. The ideal candidate will help strengthen the company's security posture by identifying vulnerabilities, ensuring compliance, implementing automated security controls, and supporting product security across multiple applications and releases.
Responsibilities
- Perform security scans (e.g., GitHub) using SCA, SAST, DAST, and dependency scanning tools
- Coordinate and support penetration testing (internal and external), including validation of findings and remediation tracking
- Support and manage SOC 2 and ISO 27001 audits, including evidence collection, control validation, and remediation tracking
- Prepare audit-ready documentation and evidence artifacts (e.g., architecture diagrams, hardening guides, control logs, and supporting documentation)
- Design, implement, and maintain security automation workflows (e.g., CI/CD integration, automated scans, and workflow automation)
- Monitor and analyze vulnerabilities, perform contextual risk-based triage, and coordinate remediation with development and DevOps teams
- Validate and reconcile findings across multiple security tools and maintain accurate dashboards and reporting
- Develop and maintain security policies, standards, and procedures aligned with industry best practices
- Collaborate with DevOps teams to integrate secure coding practices and DevSecOps pipelines
- Drive secure SDLC practices, including threat modeling, cyber approval processes, and release security sign-off
- Perform risk assessments and maintain risk registers
- Assist in incident response, root cause analysis, and continuous improvement initiatives
- Support multiple products and concurrent releases, ensuring consistent security posture and release readiness
- Respond to customer cybersecurity questionnaires and inquiries
- Collaborate cross-functionally to address and remediate any cybersecurity issues within the policy-defined SLA
- Generate, validate, and maintain SBOMs (e.g., CycloneDX, SPDX)
- Support compliance with emerging regulatory requirements (e.g., CRA, supply chain security expectations)
- Manage and validate outputs from SAST, DAST, SCA, and vulnerability management tools
- Maintain data consistency across security platforms and reporting dashboards
Skills
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- 5-7 years of experience in cybersecurity or related role
- Hands-on experience with:
  - Code scanning tools (e.g., SonarQube, CodeQL, or similar)
  - SBOM tools and frameworks (e.g., CycloneDX, SPDX, or equivalent)
  - Vulnerability management platforms (e.g., ArmorCode, Qualys, or similar)
- Strong understanding of:
  - SOC 2 compliance framework
  - ISO 27001 standards and controls
  - Secure SDLC practices and threat modeling
  - Vulnerability triage and contextual risk assessment
  - Product security considerations across on-prem and cloud deployments
- Experience with automation and scripting (Python, PowerShell, Bash)
- Knowledge of integrating security controls into CI/CD pipelines
- Familiarity with cloud environments (Azure preferred)
- Understanding of OWASP Top 10 vulnerabilities
- Familiarity with regulatory and industry frameworks (e.g., NIST, CRA, software supply chain security)
- Experience with DevSecOps practices
- Familiarity with SIEM tools and security monitoring
- Experience with container and Kubernetes security
- Experience supporting customer-facing security reviews or external assessments
- Experience working across multiple products or concurrent releases
- Experience preparing audit evidence and compliance documentation