Product Security Incident Response and Vulnerability Management

Job Description

Vulnerability Management and Product Support:
On behalf of our Consulting client, Procom is searching for a Vulnerability Management and Product Support for a 6 month contract role. This position is a remote position located in Toronto, Ontario, Canada.

Vulnerability Management and Product Support - Job Description:
This role involves participating in the Product Security Incident Response Team (PSIRT) to manage and address security vulnerabilities across product lines. The position includes leading penetration testing activities and conducting threat analysis and risk assessments to ensure the security of our client's product solutions.

Vulnerability Management and Product Support - Responsibilities:
• Serve as an active participant in PSIRT
• Drive team actions to identify, track, and address security vulnerabilities
• Recommend and document corrective actions for security issues
• Maintain vulnerability resolution tracking using metrics and tooling
• Support triage of externally reported vulnerabilities and coordinate responses
• Lead and execute penetration testing activities across product solutions
• Conduct firmware, software, and hardware penetration testing
• Communicate discovered vulnerabilities to engineering teams and PSIRT
• Train engineering teams on TARA methodology and secure-by-design principles
• Provide training and guidance on security best practices

Vulnerability Management and Product Support - Mandatory Skills:
• Bachelor's degree in Computer Science, Computer Security, Computer Engineering, or Electrical Engineering
• 4+ years of experience with wireless stacks including Z-Wave, Zigbee, Wi-Fi
• Demonstrated penetration testing experience across firmware, software, and hardware
• Proven ability to develop exploits for ARM or x86 embedded devices
• Experience using fuzzers for vulnerability discovery
• Proficiency in C and C++ for embedded development, plus scripting in Python, Java
• Strong understanding of software vulnerability classes and mitigations

Vulnerability Management and Product Support – Nice-to-Have Skills:
• Familiarity with wireless SoC platforms and software stacks
• Security certifications: GPEN, GREM, CEH, OSCP, CISSP
• Experience with hardware security tooling: JTAG, UART, SPI/I2C sniffing
• Background in ICS/OT, medical device, or smart energy product security
• Experience contributing to or leading a PSIRT function

Vulnerability Management and Product Support – Assignment Length:
This is a 6 month contract position.

Vulnerability Management and Product Support - Start Date:
ASAP.

Vulnerability Management and Product Support - Assignment Location:
Remote position located in Toronto, Ontario, Canada.

This employer uses both human and technology-assisted tools to support candidate screening and assessment. Final hiring decisions are made by people.