{"schemaVersion":"jobsearcher.job.v1","id":"87da9f5e8f98aa7397622c20","url":"https://jobsearcher.com/jobs/87da9f5e8f98aa7397622c20","canonicalUrl":"https://jobsearcher.com/jobs/87da9f5e8f98aa7397622c20","title":"Product Security Engineer","description":"Role Information:\nJob Title: Product Security Engineer\nWork Location: Fully remote position, home office\nEmployment Type: Full-time\nEmployment Status: Exempt, salaried\nVisa sponsorship is not available for this position.\nMust reside in the United States.\nWe are not accepting applicants for remote workers in California, Illinois, and New York at this time.\nCompensation:\n$133,000-$172,000/year depending on years of experience\nRole Overview:\nAs a Product Security Engineer, you will own product security across all Cutsforth offerings, including cloud software, on-prem deployments, embedded systems, and IoT hardware. This role is responsible for defining, implementing, and governing product security controls throughout the full product lifecycle; from device manufacturing and firmware through cloud services, APIs, and customer-facing applications.\n\nProduct & Platform Scope:\nThis role is responsible for product security across:\nForesight (cloud-hosted, multi-tenant analytics platform)\nCortex (internal R&D and ML experimentation environment)\nInsightCM (on-prem and hybrid industrial monitoring systems)\nEmbedded and low-cost hardware devices, including firmware, device identity, encryption, and secure communications\nKey Responsibilities:\nEmbed security best practices, such as encryption and authentication, directly into new products as part of the architecture and design process.\nIdentify vulnerabilities and security gaps during the design phase to present exploitation.\nDefine and enforce secure device architecture, including secure boot, hardware root of trust, device identity, and certificate-based authentication\nOwn firmware security, including signing, update mechanisms, rollback protection, and vulnerability remediation\nDesign and govern end-to-end encryption strategies spanning device, edge, and cloud\nEstablish security requirements for low-cost hardware, balancing risk, cost, and operational constraints\nConduct threat modeling for embedded systems, IoT protocols, and physical attack surfaces\nPartner with hardware, firmware, and manufacturing vendors to ensure supply-chain security controls\nOwn product security incident response, including vulnerability triage, remediation coordination, customer communication, and post-incident reviews\nManage coordinated vulnerability disclosure and CVE processes where applicable\nLead Product Lifecycle Management security initiatives from concept throughout development, release and maintenance.\nConduct product security testing and oversee penetration testing, vulnerability scans and code reviews.\nDefine the product security strategic roadmap, goals, priorities, features and align product security with business objectives.\nRequired Qualifications:\nSuccessfully pass background check for cybersecurity site access.\n7-15 years of hands-on cyber security experience within the software development lifecycle, including implementation of security controls, vulnerability management, or cloud security\nHands on experience with programming languages like Python, Java, C++, or Go.\nMastery of security tools like Burp Suite, Checkmarx, or SonarQube.\nSecurity Frameworks – solid understanding of OWASP Top 10, NIST and SOC2 compliance\nSpecific familiarity with the NIST SSDF (SP 800-218) standard and experience developing products to meet requirements in this standard\nExperience with Azure\n7+ years of experience with scripting automation for security tasks using Python\nPractical experience with at least one major SIEM – Splunk\nStrong analytical and problem-solving skills\nAbility to clearly communicate technical risks and recommendations to both technical and non-technical stakeholders.\nDetail orientated with good documentation habits.\nBachelor’s degree in computer science or cyber security or related field\nPreferred Qualifications:\nCompTIASecurity+, CompTIA CYSA+, CompTIA PenTest+ or CEH preferred\nCISSP\nOSCP\nExperience securing embedded systems, IoT devices, or industrial control systems\nFamiliarity with device authentication, PKI, and certificate lifecycle management\nUnderstanding of common IoT protocols (MQTT, HTTPS, AMQP, or similar)\nOther Qualifications:\nSuccessfully pass background check for cybersecurity access requirements.\nCybersecurity Role Expectations:\nCandidate will be responsible for reviewing policies and procedures related to cybersecurity and those relevant to the functions of their role.\nCandidate is expected to maintain a cybersecure work environment.\nPhysical Requirements:\nMust be able to sit and stand for extended periods of time.\nMust be able to use hands to type, handle products, tools and navigate a computer keyboard.\nMust be able to view computer screen for extended periods of time.\nSpecific vision abilities required by this job include close vision and distance vision.\nBenefits:\nMedical, Vision, Dental Insurance\nHealth Savings Account with Employer contributions\n401(k) with Employer match\nShort-term & Long-term Disability Coverage\nAccidental Death & Dismemberment Coverage\nLife Insurance Coverage\n80 hours of Paid-Time-Off annually\nEight paid holidays per year\nAll other benefits required by applicable law\n\nAlignment with Corporate Values\nAll Cutsforth employees are expected to perform their work in a manner that exhibits understanding and adherence to the Company Mission and Core Attributes of Cutsforth Employees. Employees in management roles must exhibit continual improvement along Cutsforth’s Leadership Traits. Further, each employee must read and adhere to corporate policies and safety protocols.\nLearn more about Cutsforth here: Cutsforth.com/About\nRead our Mission & Values here: Cutsforth.com/Values\nEqual Employment Opportunity Statement:\nCutsforth will not discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, or national origin. Cutsforth will take affirmative action to ensure that applicants are employed, and that employees are treated during employment, without regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin. Such action shall include, but not be limited to the following: Employment, upgrading, demotion, or transfer, recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. Cutsforth agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided by the provisions of this nondiscrimination clause.\nFor Cutsforth's full Equal Employment Opportunity Policy, click here: EEO Notice to Employees & Applicants\nCMhj94whdC","company":"Cutsforth","rawCompany":"cutsforth","city":"Remote","state":"OR","isRemote":false,"isActive":false,"createdAt":"2026-04-14T11:09:07.928Z","occupations":[{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"13-1199.07","title":"Security Management Specialists","slug":"security-management-specialists"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Product Security Engineer","description":"Role Information:\nJob Title: Product Security Engineer\nWork Location: Fully remote position, home office\nEmployment Type: Full-time\nEmployment Status: Exempt, salaried\nVisa sponsorship is not available for this position.\nMust reside in the United States.\nWe are not accepting applicants for remote workers in California, Illinois, and New York at this time.\nCompensation:\n$133,000-$172,000/year depending on years of experience\nRole Overview:\nAs a Product Security Engineer, you will own product security across all Cutsforth offerings, including cloud software, on-prem deployments, embedded systems, and IoT hardware. This role is responsible for defining, implementing, and governing product security controls throughout the full product lifecycle; from device manufacturing and firmware through cloud services, APIs, and customer-facing applications.\n\nProduct & Platform Scope:\nThis role is responsible for product security across:\nForesight (cloud-hosted, multi-tenant analytics platform)\nCortex (internal R&D and ML experimentation environment)\nInsightCM (on-prem and hybrid industrial monitoring systems)\nEmbedded and low-cost hardware devices, including firmware, device identity, encryption, and secure communications\nKey Responsibilities:\nEmbed security best practices, such as encryption and authentication, directly into new products as part of the architecture and design process.\nIdentify vulnerabilities and security gaps during the design phase to present exploitation.\nDefine and enforce secure device architecture, including secure boot, hardware root of trust, device identity, and certificate-based authentication\nOwn firmware security, including signing, update mechanisms, rollback protection, and vulnerability remediation\nDesign and govern end-to-end encryption strategies spanning device, edge, and cloud\nEstablish security requirements for low-cost hardware, balancing risk, cost, and operational constraints\nConduct threat modeling for embedded systems, IoT protocols, and physical attack surfaces\nPartner with hardware, firmware, and manufacturing vendors to ensure supply-chain security controls\nOwn product security incident response, including vulnerability triage, remediation coordination, customer communication, and post-incident reviews\nManage coordinated vulnerability disclosure and CVE processes where applicable\nLead Product Lifecycle Management security initiatives from concept throughout development, release and maintenance.\nConduct product security testing and oversee penetration testing, vulnerability scans and code reviews.\nDefine the product security strategic roadmap, goals, priorities, features and align product security with business objectives.\nRequired Qualifications:\nSuccessfully pass background check for cybersecurity site access.\n7-15 years of hands-on cyber security experience within the software development lifecycle, including implementation of security controls, vulnerability management, or cloud security\nHands on experience with programming languages like Python, Java, C++, or Go.\nMastery of security tools like Burp Suite, Checkmarx, or SonarQube.\nSecurity Frameworks – solid understanding of OWASP Top 10, NIST and SOC2 compliance\nSpecific familiarity with the NIST SSDF (SP 800-218) standard and experience developing products to meet requirements in this standard\nExperience with Azure\n7+ years of experience with scripting automation for security tasks using Python\nPractical experience with at least one major SIEM – Splunk\nStrong analytical and problem-solving skills\nAbility to clearly communicate technical risks and recommendations to both technical and non-technical stakeholders.\nDetail orientated with good documentation habits.\nBachelor’s degree in computer science or cyber security or related field\nPreferred Qualifications:\nCompTIASecurity+, CompTIA CYSA+, CompTIA PenTest+ or CEH preferred\nCISSP\nOSCP\nExperience securing embedded systems, IoT devices, or industrial control systems\nFamiliarity with device authentication, PKI, and certificate lifecycle management\nUnderstanding of common IoT protocols (MQTT, HTTPS, AMQP, or similar)\nOther Qualifications:\nSuccessfully pass background check for cybersecurity access requirements.\nCybersecurity Role Expectations:\nCandidate will be responsible for reviewing policies and procedures related to cybersecurity and those relevant to the functions of their role.\nCandidate is expected to maintain a cybersecure work environment.\nPhysical Requirements:\nMust be able to sit and stand for extended periods of time.\nMust be able to use hands to type, handle products, tools and navigate a computer keyboard.\nMust be able to view computer screen for extended periods of time.\nSpecific vision abilities required by this job include close vision and distance vision.\nBenefits:\nMedical, Vision, Dental Insurance\nHealth Savings Account with Employer contributions\n401(k) with Employer match\nShort-term & Long-term Disability Coverage\nAccidental Death & Dismemberment Coverage\nLife Insurance Coverage\n80 hours of Paid-Time-Off annually\nEight paid holidays per year\nAll other benefits required by applicable law\n\nAlignment with Corporate Values\nAll Cutsforth employees are expected to perform their work in a manner that exhibits understanding and adherence to the Company Mission and Core Attributes of Cutsforth Employees. Employees in management roles must exhibit continual improvement along Cutsforth’s Leadership Traits. Further, each employee must read and adhere to corporate policies and safety protocols.\nLearn more about Cutsforth here: Cutsforth.com/About\nRead our Mission & Values here: Cutsforth.com/Values\nEqual Employment Opportunity Statement:\nCutsforth will not discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, or national origin. Cutsforth will take affirmative action to ensure that applicants are employed, and that employees are treated during employment, without regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin. Such action shall include, but not be limited to the following: Employment, upgrading, demotion, or transfer, recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. Cutsforth agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided by the provisions of this nondiscrimination clause.\nFor Cutsforth's full Equal Employment Opportunity Policy, click here: EEO Notice to Employees & Applicants\nCMhj94whdC","datePosted":"2026-04-14T11:09:07.928Z","dateModified":"2026-04-14T11:09:07.928Z","hiringOrganization":{"@type":"Organization","name":"Cutsforth","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote","addressRegion":"OR","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"87da9f5e8f98aa7397622c20"},"url":"https://jobsearcher.com/jobs/87da9f5e8f98aa7397622c20"}}