
Principal Product Security Engineer

Dragos, Inc.
$225,000
United States, Maryland, Hanover
1745 Dorsey Road
Mar 01, 2025
Overview

Dragos is on a relentless mission to defend industrial organizations that provide us with the necessities of modern civilization: running water, functioning electricity, and safe industrial working environments. As the market leader in ICS/OT Cybersecurity, we are dedicated to arming our customers with best-in-class technology, threat intelligence, and services to protect their systems as effectively and efficiently as possible. We're a remote-first culture with operations in North America, Europe, the Middle East, and APAC. We're looking for mission-oriented teammates who embody our core values of authenticity, transparency and trust. Are you ready to make a difference? Come join a mission that can save the world!

About the role:

As a Principal Product Security Engineer at Dragos, you will lead our product security efforts. You'll be responsible for implementing and maintaining our security program throughout the software development lifecycle, managing our Product Security Incident Response Team (PSIRT), and collaborating with cross-functional teams to address critical security challenges. Our ideal candidate will have deep technical expertise in product security and a collaborative approach to working with engineering teams. You'll play a pivotal role in shaping our security strategy, establishing standards and processes, and ensuring our products meet the highest security requirements in the industrial cybersecurity space.

Location: USA (Remote)


Responsibilities

  • Lead the product security efforts of the Dragos engineering department.
  • Lead the Dragos PSIRT, including identifying potential threats across Dragos Product offerings, coordinating response to reported vulnerabilities, and managing high-severity security events.
  • Evaluate the need for, and participate in, the release of Product Advisories and Security Bulletins.
  • Develop security reference architectures, standards, and guidelines that strengthen Dragos's product security posture.
  • Integrate security tooling throughout CI/CD pipelines to proactively detect and mitigate threats to Dragos products.
  • Work with Product Teams to address vulnerabilities within the product at a regular cadence.
  • Lead and conduct security engineering tasks, including proofs of concept, lab exercises, R&D, and security tool evaluation.
  • Organize and oversee periodic pen tests against all Dragos product offerings.

Qualifications

  • 7+ years of direct cybersecurity experience, with a strong product development background.
  • Minimum of 5 years' experience in product security and SAST/DAST implementation.
  • Experience implementing and maintaining product security via CI/CD pipelines.
  • Experience with security in cloud (AWS/Azure/GCP), on-premises, and virtualized environments.
  • Experience working with multiple operating systems, databases, and applications.
  • Experience designing secure networks, systems, and application architectures.
  • Experience conducting pen tests, red team engagements, or technical security assessments (and producing accompanying reports).
  • Track record of driving security improvements across complex organizations.
  • Familiarity with compliance frameworks (SOC2, ISO27001, NIST, etc.).
  • Experience leading security incident response.

Compensation

  • Salary: $225,000
  • Competitive Equity Package
  • Comprehensive Benefits Plan

Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment.
