Product Security Engineer

Onyx-Conseil
2 hours ago
Contract
Munster
Ireland

Freelance Product Security Engineer - Contract / Contract-to-Perm

Industry: Medical Device / Life Sciences

Location: Limerick, Ireland

Working model: Hybrid - 2 days minimum per week onsite

Contract length: Initial 6 months

Rate: Competitive

Eligibility: Candidates must already have the right to work in Ireland

We are working with a global organisation in the medical device / life sciences industry to recruit a Freelance Product Security Engineer for a long-term contract opportunity based in Limerick.

This role is focused on product security, application security, secure SDLC, software security and secure-by-design development within a regulated medical product environment. The successful contractor will work closely with software engineering, product development, quality, regulatory and cybersecurity teams.

The work will include security requirements, threat modelling, SAST, DAST, SCA (software composition analysis), SBOM review, vulnerability assessment, exploitability assessment, secure coding and remediation planning.

This is not a SOC, SIEM, network security, cloud security or general infrastructure security operations role.

Key Responsibilities
  • Support product security and application security across regulated software-based medical products.
  • Define and support secure SDLC and secure-by-design practices.
  • Partner with software and product engineering teams on security requirements, secure coding and remediation.
  • Lead or support threat modelling and product security risk assessments.
  • Review software/product designs and provide practical application security guidance.
  • Support vulnerability assessment, exploitability assessment, impact assessment and risk review.
  • Work with SAST, DAST, SCA, vulnerability scanning and dependency analysis tools.
  • Support SBOM review, software composition analysis and open-source governance.
  • Contribute to product security documentation within a regulated quality environment.
  • Collaborate with software, systems, quality, regulatory and cybersecurity teams.
Required Experience
  • 3+ years' experience in product security, application security, software security, secure software development or security architecture.
  • Strong understanding of secure SDLC, secure-by-design and secure software development principles.
  • Hands-on experience with SAST, DAST and SCA / software composition analysis.
  • Experience with SBOMs, dependency analysis, open-source governance or software supply chain security.
  • Experience assessing vulnerabilities, exploitability, risk, impact and remediation options in application or product environments.
  • Strong cyber fundamentals, including cryptography, CIA triad, threat modelling, authentication, encryption and secure communications.
  • Understanding of secure coding standards and frameworks such as OWASP, NIST or similar.
  • Ability to work directly with engineering teams and provide clear, practical technical guidance.
  • Strong written documentation skills.
  • Experience working in a regulated, quality-managed or safety-critical environment.
Nice to Have
  • Experience in medical device, life sciences, regulated software, product security or application security environments.
  • Experience with Windows applications, .NET, SQL Server, Angular, jQuery or similar software environments.
  • Familiarity with FDA, MDR, ISO 13485, IEC 62304, NIS2 or similar regulated frameworks.
  • Security certifications such as CISSP, CSSLP, CEH or similar.

This is a strong freelance contract opportunity for someone who wants a hands-on, engineering-facing Product Security Engineer role in the medical device / life sciences industry.