Product Security R&D Engineer

Title: Product Security R&D Engineer
Job Type : FTE
Location: Cleveland, Ohio – Hybrid

Job Summary
Wright Technical Services is proud to represent a highly respected Fortune 500 global manufacturer for this position. We are seeking a skilled and motivated Product Cybersecurity Engineer to lead the development and implementation of a comprehensive product security program within the R&D department. This role will be instrumental in enhancing the cybersecurity posture of our software-driven products, including embedded systems and cloud-connected platforms. The ideal candidate will enhance R&D capabilities to identify and mitigate security risks, embed security best practices into every phase of the Secure Software Development Lifecycle (SSDLC), standardize threat modeling and risk assessment practices, and work cross-functionally with IT to address key gaps identified in our product security assessment.

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Electrical Engineering, or related field – required
• 8+ years of experience in cybersecurity, with at least 2 years focused on product or embedded system security.
• Experience working in Agile/Scrum environments and familiarity with DevSecOps practices.
• Proficiency in threat modeling, secure coding, and vulnerability management.
• Hands-on experience with security tools such as SAST/DAST scanners, SBOM generators, and PKI systems.
• Familiarity with secure coding in C/C++, Python, Java, and embedded systems languages.
• Understanding of secure boot, firmware signing, and TPM-based authentication.
• Experience with embedded Linux, Yocto, and real-time operating systems (RTOS).
• Familiarity with cloud-native security, API security, and IoT device protection.
• Strong understanding of secure software development practices and common vulnerabilities (e.g., OWASP Top 10).
• Familiarity with CI/CD pipelines and DevSecOps practices.
• Certifications (Preferred): Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or equivalent cybersecurity certifications.
• Strong communication and collaboration skills across technical and non-technical teams.
• Ability to lead cross-functional initiatives and drive cultural change around security.

Description and Responsibilities

• Program Development and Governance
• Establish and operationalize a formal Product Security Program aligned with corporate SDLC and Secure Design standards and best practices
• Collaborate with engineering, IT, and compliance teams to define and enforce security requirements across product lines
• Develop and maintain security policies, procedures, and technical standards for product development
• Stay current with emerging security threats, vulnerabilities, and mitigation techniques and update/evolve program and governance accordingly
• Threat Modeling and Secure Design
• Lead and standardize threat modeling activities using methodologies such as STRIDE, PASTA, or LINDDUN
• Assist with security architecture reviews and design analysis for new and existing products
• Standardize guidelines for documentation of data flows, trust boundaries, attack surfaces, and security controls
• Secure Development Lifecycle Integration
• Operationalize a formal Secure Development Lifecycle with security tools and practices (e.g., SAST, DAST, SBOM, secrets scanning) into CI/CD pipelines
• Ensure secure coding practices are followed and validated through peer reviews and automated testing
• Support the development of secure signing, secure boot, and credential management processes
• Provide guidance on secure coding practices and conduct security training for developers
• Develop and maintain security tools, libraries, and automation to support secure development practices
• Vulnerability and Risk Management
• Implement and manage vulnerability tracking, CVE remediation workflows, and SBOM maintenance
• Coordinate with Testing and DevOps teams to ensure timely patching and secure deployment practices
• Represent R&D in incident response planning and product-related security investigations
• Participate in security assessments, including penetration testing and third-party audits
• Customer and Compliance Enablement
• Work with Product Management to establish standards for various product segments
• Ensure compliance with relevant standards and regulations (e.g., NIST, CCPA, GDPR, EU CRA, Trust Mark)
• Support audits, assessments, and customer security inquiries
• Interpret evolving cybersecurity threats, regulatory changes, and industry trends to improve product security strategy
• Strategic Problem Solving and Innovation
• Analyze technical and organizational challenges across product lines and propose scalable, secure solutions
• Collaborate with cross-functional teams to identify systemic issues and recommend best practices that align with business goals

Eligibility: All applications current authorized to live and work in the United States on a Permanent basis are welcome to apply. Must be currently residing in the US. Sponsorship is not available for this position.

Wright Technical Services and our client are Equal Opportunity Employers. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.