To Apply for this Job Click Here
Information Security Engineer (Embedded / Product Security)
Role Overview
Seeking a hands-on Information Security Engineer to own security reviews, risk management, and incident response across embedded, product, and infrastructure environments. This role blends security engineering, risk & compliance oversight, and program ownership, supporting production systems in a hardware-adjacent, fast-moving environment.
The ideal candidate is comfortable operating independently, driving security initiatives end-to-end, and partnering closely with engineering teams to ensure systems are secure, compliant, and production ready.
Must-Have Qualifications
- 5+ years of experience in Security Engineering, Product Security, or DevSecOps
- Proven experience conducting security reviews, risk assessments, and vulnerability management
- Hands-on incident response experience, including investigation and remediation
- Strong experience securing Linux-based systems, applications, and networks
- Exposure to embedded, IoT, hardware-adjacent, or cyber-physical systems
- Proficiency with Python and Bash for security automation
- Experience integrating security into CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins)
- Familiarity with security and compliance frameworks (NIST 800-53/171, ISO 27001, FedRAMP, or similar)
- Experience working with security tools such as endpoint protection, IDS/IPS, firewalls, or vulnerability scanners
- Ability to operate independently, manage multiple priorities, and own initiatives end-to-end
- Strong communication and documentation skills
Nice-to-Have
- Experience securing embedded ARM platforms, Jetson, or firmware
- Background in defense, robotics, or hardware-centric environments
- Knowledge of anti-tamper techniques or reverse-engineering tools
- Experience with infrastructure-as-code (Terraform, CloudFormation)
- Familiarity with FPGAs or embedded toolchains
- Security certifications (CISSP, CISM, Security+)
Core Responsibilities
- Own and execute security reviews, risk assessments, and vulnerability scans across applications, infrastructure, and embedded systems
- Develop, implement, and maintain information security policies, standards, and controls
- Monitor systems and investigate security events; lead incident response, remediation, and post-incident reviews
- Coordinate compliance activities and audits aligned with frameworks such as NIST, ISO 27001, FedRAMP, or similar
- Partner with engineering teams to harden systems and embed security into development and deployment workflows
- Automate security checks, scans, and guardrails using Python and Bash
- Provide clear status reporting, risk summaries, and incident documentation to stakeholders
Interested candidates may submit their resumes online or call at 310-906-4780 for further information regarding the position
