Apply on Employer Site

Cutsforth · 9 hours ago

Product Security Engineer

United States

Full-time

Remote

Senior Level

$133K/yr - $172K/yr

7+ years exp

Cutsforth is a company that specializes in product security across various offerings. As a Product Security Engineer, you will be responsible for defining, implementing, and governing product security controls throughout the full product lifecycle, ensuring security best practices are embedded in new products and managing product security incidents.

IndustrialMechanical EngineeringIndustrial Engineering

No H1B

Responsibilities

Embed security best practices, such as encryption and authentication, directly into new products as part of the architecture and design process

Identify vulnerabilities and security gaps during the design phase to present exploitation

Define and enforce secure device architecture, including secure boot, hardware root of trust, device identity, and certificate-based authentication

Own firmware security, including signing, update mechanisms, rollback protection, and vulnerability remediation

Design and govern end-to-end encryption strategies spanning device, edge, and cloud

Establish security requirements for low-cost hardware, balancing risk, cost, and operational constraints

Conduct threat modeling for embedded systems, IoT protocols, and physical attack surfaces

Partner with hardware, firmware, and manufacturing vendors to ensure supply-chain security controls

Own product security incident response, including vulnerability triage, remediation coordination, customer communication, and post-incident reviews

Manage coordinated vulnerability disclosure and CVE processes where applicable

Lead Product Lifecycle Management security initiatives from concept throughout development, release and maintenance

Conduct product security testing and oversee penetration testing, vulnerability scans and code reviews

Define the product security strategic roadmap, goals, priorities, features and align product security with business objectives

Qualification

Cybersecurity experienceProgramming languagesSecurity tools masterySecurity frameworks knowledgeAzure experienceSIEM experienceEmbedded systems securityIoT protocols understandingScripting automationAnalytical skillsBachelor's degreeCertifications CompTIACertifications CISSPCommunication skillsDetail-orientedDocumentation habits

Required

Successfully pass background check for cybersecurity site access

7-15 years of hands-on cyber security experience within the software development lifecycle, including implementation of security controls, vulnerability management, or cloud security

Hands on experience with programming languages like Python, Java, C++, or Go

Mastery of security tools like Burp Suite, Checkmarx, or SonarQube

Security Frameworks – solid understanding of OWASP Top 10, NIST and SOC2 compliance

Specific familiarity with the NIST SSDF (SP 800-218) standard and experience developing products to meet requirements in this standard

Experience with Azure

7+ years of experience with scripting automation for security tasks using Python

Practical experience with at least one major SIEM – Splunk

Strong analytical and problem-solving skills

Ability to clearly communicate technical risks and recommendations to both technical and non-technical stakeholders

Detail orientated with good documentation habits

Bachelor's degree in computer science or cyber security or related field

Preferred

CompTIASecurity+, CompTIA CYSA+, CompTIA PenTest+ or CEH preferred

CISSP

OSCP

Experience securing embedded systems, IoT devices, or industrial control systems

Familiarity with device authentication, PKI, and certificate lifecycle management

Understanding of common IoT protocols (MQTT, HTTPS, AMQP, or similar)

Benefits

Medical, Vision, Dental Insurance

Health Savings Account with Employer contributions

401(k) with Employer match

Short-term & Long-term Disability Coverage

Accidental Death & Dismemberment Coverage

Life Insurance Coverage

80 hours of Paid-Time-Off annually

Eight paid holidays per year

All other benefits required by applicable law

Company

Cutsforth

Cutsforth is a small company providing innovative designs for brush holder and shaft grounding replacements and collector ring services.

Founded in 1991

Ferndale, Washington, USA

51-200 employees

https://www.cutsforth.com

Funding

Current Stage

Growth Stage

Total Funding

$4M

2025-05-07Seed· $4M

Leadership Team

Benjamin Waurms

Chief Financial Officer

Matthew Michaels

Chief Operating Officer

Recent News

Google Patent

System and method for monitoring the status of one or more components of an …

2025-02-17

Google Patent

Brush assembly

2025-02-17

Google Patent

Brush holder assembly

2025-02-17

Company data provided by crunchbase