Cybersecurity Engineer, Product Security

Role Overview:

We are seeking a Cybersecurity Engineer focused on Product Security to help design, assess, and secure our next-generation sensor platforms and supporting software ecosystems. This role will work closely with Software Engineering, Embedded Systems, Hardware Engineering, Infrastructure, and Program teams to ensure security is integrated throughout the product lifecycle — from architecture and development through deployment and operational support. 

The ideal candidate has experience securing complex software and hardware systems within defense, aerospace, or other highly regulated environments. This individual will lead software security architecture efforts, perform threat modeling and risk assessments, support compliance initiatives, and help establish secure engineering standards across the organization. 

This is a highly collaborative and hands-on role with direct impact on the security and resiliency of mission-critical technologies deployed in operational environments. 

Responsibilities:  

• Product Security Engineering
  • Design and implement secure software and hardware system architectures for mission-critical platforms and supporting infrastructure  
  • Partner with engineering teams to integrate security requirements throughout the software development lifecycle (SDLC)  
  • Conduct architecture reviews and identify security risks across software, embedded, cloud, and hardware systems  
  • Develop secure design standards, engineering guidance, and product security best practices  
  • Support secure development initiatives including code review, dependency management, secrets management, and vulnerability remediation  
• Threat Modeling & Risk Assessment
  • Lead threat modeling exercises for software, embedded systems, hardware platforms, and supporting infrastructure  
  • Conduct cybersecurity risk assessments for products, systems, and operational environments  
  • Identify attack surfaces, trust boundaries, and potential exploitation paths  
  • Work with engineering teams to prioritize and remediate identified security risks  
  • Develop mitigation strategies for cybersecurity threats impacting deployed systems and sensitive technologies  
• Compliance & Security Authorization
  • Support cybersecurity compliance initiatives and product authorization efforts including:  
  • RMF (Risk Management Framework)  
  • ATO (Authority to Operate)  
  • Export control and regulated data handling requirements  
  • Assist with development of system security documentation, security controls, SSPs, and assessment artifacts  
  • Support internal and external security audits, assessments, and accreditation activities  
  • Collaborate with government, customer, and program stakeholders on security requirements and authorization activities  
• Security Testing & Validation
  • Assist with security testing activities including vulnerability assessments, penetration testing coordination, and validation of remediation efforts  
  • Support secure configuration and hardening efforts across software, operating systems, and embedded environments  
  • Review software and system telemetry to identify potential security weaknesses or anomalous behavior  
  • Collaborate with Security Operations and Infrastructure teams to improve enterprise and product security visibility  
• Cross-Functional Collaboration
  • Work closely with Software, Embedded, Hardware, DevOps, and Infrastructure teams to balance security, performance, and operational requirements  
  • Contribute to the development of scalable product security processes and governance  
  • Support customer and internal security reviews related to deployed technologies and operational environments  
  • Mentor engineering teams on secure development and security-by-design principles  

 Minimum Requirements: 

• 5+ years of experience in cybersecurity engineering, product security, application security, or related engineering roles  
• Experience with software security design and secure system architecture principles  
• Hands-on experience conducting threat modeling and cybersecurity risk assessments  
• Knowledge of secure software development lifecycle (SSDLC) practices and application security concepts  
• Familiarity with cybersecurity frameworks and compliance standards including:  
• RMF  
• NIST 800-53  
• NIST 800-171  
• CMMC  
• DFARS  
• Experience supporting security authorization activities such as ATO processes and security documentation development, and eMASS 
• Understanding of cloud, endpoint, network, and identity security concepts  
• Strong analytical, troubleshooting, and technical communication skills  
• Ability to operate effectively in a fast-paced startup environment  
• Must be a U.S. Citizen eligible for government facilities and sensitive information
• Ability to obtain additional security clearances as required by contract

Preferred Requirements: 

• Active Security Clearance
• Experience supporting defense, aerospace, government contracting, or regulated technology environments  
• Experience securing embedded systems, sensor platforms, or edge computing technologies  
• Familiarity with export control requirements including ITAR and EAR  
• Experience with secure DevSecOps pipelines and automation practices  
• Experience with Microsoft GCC High environments and regulated cloud architectures  
• Firmware development experience  
• BIOS/UEFI security or development experience  
• Hardware security design experience  
• Trusted Platform Module (TPM), secure boot, cryptographic hardware, or supply chain security knowledge  
• Experience with scripting or automation using Python, PowerShell, or Bash  
• Security certifications such as CISSP, CSSLP, GSEC, Security+, or equivalent  

Why CHAOS?

• Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
• Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
• Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code
• Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
• Team Growth: 250 employees and counting across 5 global offices

The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. 

Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.

#LI-onsite