Treaty Software is a dynamic and passionate team specializing in custom software development for private and public sector organizations. Headquartered in Ireland and California, we deliver innovative solutions to streamline legacy systems, enhance competitiveness, and unlock the potential of digital transformation. Our expertise spans custom software, data analytics, Microsoft Digital and App Innovation, and AI integration. We are committed to creating software solutions that simplify operations, improve businesses, and exceed expectations.
Role Description
We are seeking a Product Security Engineer / Threat Analyst to work on a Hybrid basis for our Limerick based customer. 3 days from home, 2 days from office.
Joining the Post-Market Vulnerability Team, you will be at the forefront of product security cybersecurity defense, with responsibilities spanning threat research, vulnerability assessment, exploitability analysis, impact determination, regulatory documentation, and cross‑functional communication. It strongly overlaps with medical‑device cybersecurity practices (e.g., vulnerability scoring, exploitability evaluation, residual risk calculation, documentation for regulatory bodies).
The successful candidate will collaborate with cross‑functional teams to ensure products meet the highest standards of security and regulatory compliance, while proactively improving threat detection and response capabilities. You will play a crucial role in securing an extensive range of medical devices and systems against cyber threats. You will be responsible for monitoring, analyzing, and responding to incoming security signals within products, conducting in-depth research on emerging cyber threats, vulnerabilities, and attack vectors. You will evaluate product impact and reassess threats based on product security factors. You will be required to use your deep understanding of threat research to document possible threats and their impact to the products.
The primary work will involve vulnerability assessments, which includes threat research and analysis, potential impact, and exploitability. Assessments will involve product and code analysis to determine the exploitability of vulnerability, as well as assessing safety risk, severity and likelihood.
Responsibilities
Implement strategies to identify, analyze, and mitigate cyber threats targeting the products.
Potential involvement in threat hunting activities, though largely product‑focused rather than enterprise‑SOC‑focused.
Conduct in‑depth threat research on vulnerabilities, attack vectors, and possible impacts.
Develop and maintain artefacts required for regulatory submissions, including vulnerability scans, System Security Plans (SSPs), and Risk Assessment Reports.
Determine and document likelihood of exploitability and potential safety risks for potentially impacted products.
Calculate residual risk for vulnerabilities by considering compensating controls, mitigations, and operational environments.
Document all threat research and vulnerability assessments in clear, concise, and actionable reports.
Work with the public relations teams, providing accurate and timely information on threat status, impact, and analysis for product leadership and customers.
Partner with product security officers and cross‑functional teams to define threat impacts, implement mitigations, and coordinate responses.
Continuously enhance product vulnerability management processes, tools, and technologies.
Stay up to date with the latest cybersecurity trends, vulnerabilities, and emerging threats.
May perform other duties as required.
Qualifications
At least 2 years of experience in cybersecurity, with expertise in threat hunting and vulnerability analysis.
Strong knowledge of cybersecurity threats, vulnerabilities, attack vectors, and controls (e.g., authentication, cryptography, secure coding).
Familiarity with DevSecOps practices and tools for SCA, SAST, and vulnerability scanning.
Experience with security frameworks such as NIST 800-53, ISO 27001, GDPR, or IEC 81001-5.
Strong understanding of MS Windows and Linux operating systems (past and current) and the .NET framework.
Experience with threat intelligence platforms, threat hunting tools, and cybersecurity frameworks.
Experience implementing and demonstrating compliance to security frameworks such as NIST 800-53, IEC 81001-5, HITRUST, HIPAA, GDPR, and ISO 27001.
Ability to work in a fast‑paced, dynamic environment and manage multiple priorities.
Strong analytical and problem‑solving abilities.
Strong written and verbal communication skills.
Strong technical acumen.
Relevant certifications such as Security+, CEH, or GIAC are a plus.
#J-18808-Ljbffr