Sr. Product Security Engineer IIGlaukos Corporation • Burlington, MA, United States
Sr. Product Security Engineer II
Glaukos Corporation • Burlington, MA, United States
18 hours ago
Job type
- Full-time
Job descriptionEmbed secure development practices (threat modeling, secure coding, code review standards) into the software development lifecycle. Define and support secure CI / CD practices, including secrets management, dependency management, and supply-chain security. Partner with DevOps / IT to secure cloud infrastructure, build pipelines, and deployment environments. Assist the testing team with security testing efforts for new and on-market products, including penetration testing, fuzzing, and static / dynamic code analysis. Update and maintain vulnerability management processes, including SBOM creation and maintenance. Collaborate with QA to integrate automated security testing into regression and release pipelines. Documentation & Compliance Generate and maintain pre-market security documentation to support regulatory submissions (e.g., security risk assessments, security architecture views, threat models, FDA cybersecurity guidance compliance). Maintain records of vulnerability assessments, mitigations, and patch processes. Support audit and inspection readiness with thorough, traceable documentation Manage product vulnerability assessment and mitigation activities, both pre-market and post-market. Coordinate cross-functional response to newly discovered vulnerabilities, including communication, remediation, and regulatory reporting. Track and monitor vulnerability disclosures from third-party libraries and components. Act as the security subject matter expert across product teams. Provide training and mentoring to engineers on secure design and coding practices. Partner with compliance, regulatory, and quality teams to align product security strategy with organizational goals 7-10 years total professional experience in software engineering, cybersecurity, or related technical fields. 3-5 years focused on product or embedded system security, ideally within regulated or safety-critical industries (medical device, aerospace, automotive, or defense). Demonstrated experience with : Designing or assessing security architectures for embedded or connected systems. Implementing secure development lifecycle (SDL) practices within engineering teams. Leading or participating in vulnerability management and coordinated disclosure processes. Generating pre-market cybersecurity documentation or equivalent regulatory submissions (e.g., FDA, ISO 14971, IEC 81001-5-1). Collaborating cross-functionally (engineering, QA, regulatory, IT) to implement and sustain security programs. Prior experience as a product security lead or security point of contact for a commercial medical or industrial product. Experience integrating security testing automation into CI / CD environments. Experience supporting external audits, penetration tests, or third-party security assessments. Secure system and software design principles (least privilege, defense in depth, threat modeling, zero trust). Risk management frameworks : NIST 800-53, NIST 800-30, ISO 27001, ISO 14971 , and IEC 81001-5-1 . Cryptography fundamentals (key management, TLS, symmetric / asymmetric encryption, hashing). Authentication and authorization mechanisms, identity management, and secure session handling. Secure coding standards (e.g., CERT C / C++ , OWASP , MISRA , CWE / SANS Top 25 ). Supply chain security concepts and SBOM management (SPDX, CycloneDX) . CI / CD security practices, secrets management, container security (Docker, Podman), and artifact signing. Common security testing tools : SAST, DAST, SCA, fuzzers, and pen-testing frameworks . Familiarity with cloud infrastructure (AWS, or on-prem Linux environments). Incident response and vulnerability disclosure processes. FDA cybersecurity premarket and postmarket guidance. Secure update / patch management strategies (aligned with FDA "updateability & patchability" expectations). Audit-ready documentation practices and traceability to design controls. Bachelor's degree in Computer Science, Electrical / Computer Engineering, Cybersecurity , or a related field. Master's degree in Cybersecurity, Software Engineering, or Systems Engineering (ideal for regulated product security leadership).
Job Description
Sr. Product Security Engineer
What You'll Do :
The Senior Product Security Engineer, based in Burlington Massachusetts, is a critical, high-level engineering position tasked to leading security efforts across the product lifecycle, ensuring products meet regulatory expectations and industry best practices for cybersecurity. This role provides both hands-on technical expertise and cross-functional leadership, with influence over product strategy, development processes, and post-market security posture.
Security Architecture & Requirements
- Define security requirements and risk mitigations for new products and features.
- Translate regulatory and industry security standards (e.g., FDA, ISO 27001, NIST, OWASP) into actionable product requirements.
- Develop and maintain security architecture diagrams and models for software and integrated systems.
Development Lifecycle Security
Testing & Validation
Vulnerability & Incident Management
Cross-Functional Leadership
How You'll Get There :
Preferred
Core Product Security Knowledge
DevOps & Infrastructure Knowledge
Regulatory & Documentation Knowledge
Minimum
Preferred
#GKOSUS
About Us
Generous. Innovative. Leadership-driven. Family-oriented. Socially responsible.
Founded in 1998, Glaukos Corporation is an ophthalmic pharmaceutical and medical technology company focused on developing and commercializing novel therapies for the treatment of glaucoma, corneal disorders, and retinal diseases.
Our mission at Glaukos is to truly transform vision by pioneering novel, dropless therapies that can meaningfully advance the standard of care and improve the lives of patients suffering from chronic, sight-threatening eye diseases.
Innovation is at the core of everything we do, and we are resolute in our commitment to challenge conventional thinking with new treatment alternatives that are supported by real science, robust clinical evidence, and an unrelenting focus on patients.
Our constant pursuit of game-changing technologies that disrupt legacy treatment paradigms is encapsulated in the Glaukos mantra "We'll Go First," which articulates our willingness to take chances, our determination to forge new ground, and our commitment to continuous improvement in all that we do.
Our company completed an initial public offering in June of 2015, and our shares are traded on the New York Stock Exchange under the ticker symbol "GKOS". Our global headquarters is in Aliso Viejo, California with additional locations in San Clemente, California, and Burlington, Massachusetts.
Glaukos Corporation is an Equal Opportunity / Affirmative Action Employer . All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Create a job alert for this search
Sr Security Engineer • Burlington, MA, United States
Related jobs
Scroll down the page to see all associated job requirements, and any responsibilities successful candidates can expect.MA101 : Andover MA 350 Lowell St Essex 350 Lowell Street Essex, Andover, MA, 01...Show more
We anticipate the application window for this opening will close on - 29 Nov 2025.At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare acce...Show more
Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.Your sk...Show more
OpenGov is the leader in AI and ERP solutions for local and state governments in the U.More than 2,000 cities, counties, state agencies, school districts, and special districts rely on the OpenGov ...Show more
Apply now : Senior Product Security Engineer, location is Remote.The start date is February 24th for this contract position.
Senior Product Security Engineer.February 24th (to participate in a three-...Show more
Lead Adversarial Security Engineer.Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work.
Our comprehensive, GenAI-powered platform helps organizations confronte...Show more OpenGov is the leader in AI and ERP solutions for local and state governments in the U.More than 2,000 cities, counties, state agencies, school districts, and special districts rely on the OpenGov ...Show more Qualifications, skills, and all relevant experience needed for this role can be found in the full description below.MA131 : Tewksbury, MA Bldg 1 Assabet 50 Apple Hill Drive Assabet - Building 1, Tew...Show more 
Lead Product Security Engineer (R&D Cytology).Marlborough, MA, United States.Discover a career with real meaning.One that offers the opportunity to showcase your talents, achieve measurable success...Show more Read on to fully understand what this job requires in terms of skills and experience If you are a good match, make an application.
MA801 : Marlborough, MA 1001 Boston Post Road Building 2, Marlboroug...Show more Apply promptly! A high volume of applicants is expected for the role as detailed below, do not wait to send your CV.MA101 : Andover MA 350 Lowell St Essex 350 Lowell Street Essex, Andover, MA, 01810...Show more 
Manager, Platform Engineering, Workday (Workday Security) The Workday Senior Manager, Platform Engineering will be responsible for leading the design, implementation, and maintenance of security an...Show more
It's the first notes of that song you love, the intro to your favorite movie, or simply the sound of someone you love saying "hello.
It's in these moments that sound matters most.At Bose, we believe...Show more
HackerOne is a global leader in Continuous Threat Exposure Management (CTEM).The HackerOne Platform unites agentic AI solutions with the ingenuity of the world's largest community of security resea...Show more
Security risk management techniques Regulatory standards and compliance frameworks (e.NIST Cybersecurity Framework,ISO27001, SOC2, HIPAA, GDPR) Pre-market product development activities Medical dev...Show more
MA113 : Andover MA 352 Lowell Hampshir 352 Lowell Street Hampshire, Andover, MA, 01810 USA.Person, or Immigration Status Requirements : .
At Raytheon, the foundation of everything we do is rooted in ou...Show more The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety.Yo...Show more While professional experience and qualifications are key for this role, make sure to check you have the preferable soft skills before applying if required.
MA133 : Tewksbury, Ma Bldg 3 Concord 50 App...Show more
Test Engineer II - 2nd Shift
Raytheon • Lawrence, Massachusetts, US
Permanent
Last updated: 10 days ago • Promoted
Senior Product Security Engineer
Medtronic • Boston, MA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Product Security Engineer, AI
META • Boston, MA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Sr. Application Security Engineer
OpenGov • Boston, MA, United States
Full-time
Last updated: 4 days ago • Promoted
Senior Product Security Engineer
Mondo • Danvers, MA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Lead Adversarial Security Engineer
Trellix • Boston, MA, United States
Full-time
Last updated: 3 days ago • Promoted
Sr. Security Operations Engineer
OpenGov • Boston, MA, United States
Full-time
Last updated: 4 days ago • Promoted
Systems Engineer II
Raytheon • Salem, New Hampshire, US
Permanent
Last updated: 30+ days ago • Promoted
Lead Product Security Engineer (R&D Cytology)
Hologic • Marlborough, MA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Systems Engineer Engineer II-Cyber Engineer SPY6 - (On-site Marlborough, MA) P2
Raytheon • Fayville, Massachusetts, US
Permanent
Last updated: 9 days ago • Promoted
Systems Engineer II - Integration & Test Lab Andover Onsite
Raytheon • Tewksbury, Massachusetts, US
Permanent
Last updated: 11 days ago • Promoted
Sr. Manager, Platform Engineering, Workday (Workday Security)
Capital One • Harvard Square, MA, US
Full-time +1
Last updated: 1 day ago • Promoted
Product Security Engineer
Bose • Framingham, MA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Principal Product Manager, Agentic Offensive Security
HackerOne • Boston, MA, United States
Full-time
Last updated: less than 1 hour ago • Promoted • New!
Product Security Engineer
Omni Inclusive • Danvers, MA, United States
Full-time
Last updated: 18 hours ago • Promoted • New!
Manufacturing Engineer II - 2nd Shift
RTX • Andover, MA, US
Full-time
Last updated: 30+ days ago • Promoted
Product Security Engineer, Instagram
META • Boston, MA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Sr. Reliability Engineer
Raytheon • Tewksbury, Massachusetts, US
Permanent
Last updated: 30+ days ago • Promoted