Product Security Engineer

Job Description

• Partner with product teams to plan, execute, and maintain Product Security activities for new development, major releases, & sustaining changes in alignment with Product Security procedures.
• Develop & maintain Product Security Management Plans and Files, ensuring cybersecurity activities are planned, traceable, and audit‑ready.
• Integrate Product Security into design controls, risk management, and release readiness processes.
• Create & maintain product threat models, including asset identification, data flows, trust boundaries, threats, and mitigations.
• Conduct cybersecurity risk assessments: requirements gap analysis, CVSS-based vulnerability scoring, residual risk evaluation, and risk acceptance documentation.
• Coordinate and support security testing efforts (static code analysis, open-source and third‑party dependency analysis, vulnerability scanning, and security assessments), and drive remediation with engineering teams.
• Support incident & vulnerability management, including evidence generation for audits and regulatory reviews.
• Develop and maintain product-specific patch management strategies; author/review Security Patch Verification Protocols and Reports.
• Co-own creation, validation, and lifecycle management of Software Bills of Materials (SBOMs), ensuring support for vulnerability monitoring and regulatory expectations.
• Track & report product security metrics, contribute to dashboards and reporting, and help standardize Product Security practices across teams.
• Serve as a Product Security subject matter expert for R D, DevOps, Quality, and Regulatory partners; provide guidance on secure design, remediation, compliance, and support audits and regulatory interactions.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

To learn more about how we collect, keep, and process your private information, please review

Insight Global's Workforce Privacy Policy:

https://insightglobal.com/workforce-privacy-policy/. Skills and Requirements Required Qualifications

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related technical field, or equivalent practical experience.
• Experience working in a regulated environment (medical device, life sciences, healthcare software, or similar)
• 3+ years of experience in software engineering, product security, cybersecurity engineering, or a closely related role.
• Hands--on experience with product or application security, including vulnerability assessment, threat modeling, and secure development practices.
• Demonstrated ability to execute efficiently in complex, documentation--heavy environments.
• Bias toward working smarter, leveraging existing tools, automation, and modern engineering practices to reduce manual effort and cycle time.
• Comfortable identifying opportunities to streamline, standardize, and scale repeatable security activities without sacrificing quality or compliance.
• Working knowledge of software vulnerability management, including CVSS scoring, remediation workflows, and risk acceptance.
• Experience producing or supporting formal security deliverables (e.g., threat models, risk assessments, vulnerability reports, SBOMs).
• Strong written communication skills, with experience creating clear, structured technical documentation suitable for audits and regulatory review.
• Familiarity with secure development lifecycle (SDL) concepts and integration of security into design controls.
• Experience with opensource dependency analysis, static code analysis tools, or third---party security assessments.
• Exposure to Product Security Management frameworks, risk management files, or cybersecurity SOPs.
• Understanding of regulatory expectations for product cybersecurity (e.g., FDA, EU MDR/IVDR, or similar).
• Experience supporting security metrics, dashboards, or operational reporting.