Position: Cybersecurity PSIRT Engineer
Location: Remote Opportunity
Duration: 6+ Months contract
Job Summary:
We are seeking a mid-to-senior level Cybersecurity PSIRT (Product Security Incident Response Team) Engineer Contractor to strengthen our product security posture through vulnerability triage, coordinated disclosure, and hardware-aware threat modeling. This individual will play a key role in enhancing our incident response and vulnerability management workflows, with an emphasis on IoT and network embedded device security, hardware-centric bug bounty support, and security hackathon initiatives. This is an exciting opportunity to contribute to both operational response and strategic development, supporting the continuous improvement of product security controls and the security quality feedback loop.
Key Responsibilities:
Lead or assist in the triage, technical analysis, severity scoring, and remediation coordination, and coordinated disclosure processes for product security vulnerabilities.
Investigate and manage hardware and firmware-related security vulnerabilities across hardware products (e.g., routers, switches, IoT devices).
Perform code analysis and vulnerability reproduction testing to identify potential security issues.
Collaborate cross-functionally with engineering, threat intelligence, incident response, and vulnerability research teams to analyze, triage, and resolve firmware vulnerabilities.
Support the full lifecycle of incident response: detection, analysis, containment, mitigation, and postmortem.
Conduct impact and risk assessments on vulnerability submissions to inform appropriate prioritization and response actions.
Engage with external security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd) to handle submissions, validate findings, and close the loop with engineering.
Help build out and evolve hardware-focused bug bounty and security hackathon programs, including defining scope, engagement guidelines, and validation workflows.
Contribute to the security quality feedback loop by ensuring lessons learned from incidents and vulnerabilities inform secure development practices, testing, and tooling.
Develop and maintain threat intelligence feeds relevant to our product and device ecosystem.
Support the creation of attack surface maps and device risk modeling profiles, aligned with MITRE ATT&CK, EMB3D, and internal threat models.
Apply and interpret CVE, CVSS, CWE, and CWSS scoring to measure and communicate risk.
Author internal reports, vulnerability advisories, and coordinate with external researchers and CERTs when needed.
Develop and refine internal tools, frameworks, and processes in support of work processes and activities.
Document incident workflows, threat analyses, and remediation guidance in Atlassian tools (Jira, Confluence) and coordinate via Slack.
Required Qualifications:
Bachelor's degree in computer engineering, Computer Science, Cybersecurity, or related field.
4 8+ years in cybersecurity, with experience in product security, PSIRT, or vulnerability management, ideally in an embedded or device-centric environment.
3+ years of experience in embedded systems or firmware development, security research, or vulnerability analysis.
Experience with secure software development lifecycles, fuzzing, or static/dynamic analysis tooling.
Solid understanding of common vulnerability types (buffer overflows, privilege escalations, etc.) in low-level code.
Proficient in IoT/embedded systems security architecture (firmware, trust anchors, bootloaders, secure boot, memory safety, and wireless protocols).
Familiar with MITRE ATT&CK and EMB3D frameworks, and how to apply them to threat modeling or response.
Able to replicate and assess exploitability and business impact of submitted vulnerabilities.
Working experience with bug bounty operations and direct researcher interaction.
Skilled in vulnerability triage, severity scoring (CVSS, CWE/CWSS), and root cause identification.
Preferred / Nice-to-Have Skills:
Participation in or support of security hackathons or Capture The Flag (CTF) events, especially those focused on embedded/hardware systems.
Experience supporting or building security quality assurance loops across engineering, QA, and product teams.
Understanding of threat intelligence
Remote Recruiter - Unlimited Earning Potential! Company: gpac (Growing People and Companies) Location: 100% Remote (Work from Home) Earning Potential: Commission-based (Top producers earn $200K-$500K+) Who We Are gpac is a family-owned executive search firm with...
**Job Title: Nurse Practitioner - Behavioral Health (Fully Remote)****Location** : Fully Remote**... ...be responsible for:+ **Monitoring the work queue** for any asynchronous requests from... ...: Enjoy the flexibility of working from home.+ **No on-call required** : You'll have...
...Pediatrician A Pediatrician is needed in Medina, NY. Titan Placement Group invites you to explore an opportunity best known for its Medina Sandstone, a stone used widely in buildings across the region. Some local examples include the "million dollar staircase" at...
...driver's license. Located in Lincoln Heights (Los Angeles CA 90031) Please call for Mariangela Gorosave at 323.227.5000 ext. 110 Office hours between 8:00am and 2:00pm Fabricante de Gabietes / Cabinet Maker Compaa especializada en fabricacin de gabinetes...
1. Manage and supervise the daily operations of the farm, ensuring production efficiency and quality standards. 2. Plan and design facility agriculture projects, including greenhouse construction, automation systems, and irrigation system planning. 3. Monitor budget and...