Product Security Engineer

Nozomi Networks is the leader in OT and IoT Cybersecurity, protecting critical infrastructure from cyber threats. The Product Security Engineer will lead product security efforts, including risk assessments, penetration testing, and security feature development.

Responsibilities:

• Embody the Nozomi Networks Cultural Pillars and our mission to protect what matters most with transparency and trust
• Conduct penetration and vulnerability assessment review and validation
• Conduct risk assessment, penetration testing, code reviews, and static analysis or other security validation of specific projects
• Composition analysis review (SBOM)
• CVE reviews
• Security validation
• Reviews and development of specific security features
• Projects and research work as needed

Requirements:

• Proven experience in a combination of risk management, information security, and IT jobs
• Software development background, proven experience with SDLC
• Ability to find security problems in code and design
• Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST
• Good knowledge of crypto algorithms
• A good understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, etc.)
• Good knowledge of a scripting language and Unix operating system
• High level of English proficiency, both spoken and written
• Ability to operate in settings with strong confidentiality and data privacy protocols
• Professional security management certification is a strong advantage
• Experience with at least one of the major cloud computing vendors
• Experience in Agile software development desirable