Product Security Engineer

Xage is the leader in zero trust cybersecurity for the real world. The company has built significant early traction in real-world operations (i.e., in OT and IoT environments including Energy, Logistics and Supply Chain, Utilities, Manufacturing, Defense, and Space). Xage’s innovative mesh-protected Fabric provides identity, access control, remote access and data security in customer environments that are often in transition from traditional perimeter / zonal security to zero trust. Xage’s Fabric approach enables zero trust cyber hardening, while also underpinning the data-driven multi-party digital transformation of customer operations.

We are seeking a highly experienced Product Security Engineer to ensure the end-to-end security of Xage products.

Responsibilities

• Work closely with software engineering and product teams to achieve product and security business objectives. Implementation of secure development practices, threat modeling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards for a variety of products and tools.
• Providing security guidance on all new products and technologies within the organization.
• Collaborating with the engineering team to perform regular product security assessments and threat modeling.
• Managing the operations and effectiveness of the product security pipeline tools.
• Updating product security tooling to reduce false positives.
• Responding to vulnerabilities disclosed through threat detection systems.
• Maintaining internal documentation and security standards to ensure security best practices are followed.
• Designing and implementing tools to automate and scale security processes.
• Supporting the incident detection and response processes.
• Providing security support and leadership to the product engineering team.

Required Technical and Professional Expertise

• 10+ years of experience in product security and threat modeling.
• Bachelor's degree in Computer Science, Information Technology, or related field.
• Cyber security certifications.
• Proficient in one of the following programming languages: Java, C, C++, Golang or Rust.
• Experience with FIPS, SBOM, NIST SP 800-53/171, STIG, FedRAMP, Common Criteria/CCRA or other relevant compliance efforts.
• Experience with Agile methodologies and tools (Scrum, Kanban, etc.).
• Experience implementing and/or integrating secure development practices, threat modeling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards for a variety of products and tools.
• Strong interpersonal and communication skills, with the ability to effectively manage and influence stakeholders at all levels of the organization.
• Demonstrated experience in risk management, issue resolution, and project recovery.
• Experience coordinating between engineering and product development teams in a complex, fast-paced environment.
• Experience in the federal sector, particularly with the Department of Defense, Department of Homeland Security, or other relevant agencies.