[Remote] Product Security Research Engineer
Note: This is a remote job open to candidates in the USA. Mastech Digital is seeking a Product Security Research Engineer to join their team in San Jose, CA. This role focuses on the proactive discovery and validation of attack paths within the Nutanix product ecosystem, requiring a deep understanding of software vulnerabilities and the ability to translate offensive research into preventative measures.
Responsibilities
- Attack Path Discovery: Partner with Security Architects to identify and technically validate potential exploit sequences. You will engineer proofs-of-concept to demonstrate how individual vulnerabilities can be linked to create significant product exposure
- Impact Analysis: Perform deep-dive technical research to determine the exact “blast radius” of a vulnerability. You will be responsible for identifying exactly which products and versions are impacted and what specific data or services are at risk
- Proactive Defense: Translate offensive research into preventative measures, providing Engineering teams with the technical evidence and architectural guidance needed to implement robust, long-term mitigations
- AI-Enhanced Security Engineering: Explore and implement AI-driven automation to enhance our discovery and analysis capabilities. You will use emerging technologies to scale the identification of complex vulnerability patterns across the Nutanix stack
- Technical Advocacy: Serve as a senior technical subject matter expert during high-stakes triage, helping stakeholders understand the practical reality of a threat through evidence-based technical analysis and exploit modeling
Skills
- 6-9 years of experience in Product Security Engineering, Vulnerability Research, or Offensive Security, with a focus on deconstructing complex software systems
- A talent for 'Attack Path Thinking': you can look at a complex architecture and identify how a minor logic flaw could lead to a major compromise
- A strong understanding of software vulnerabilities (logic flaws, memory corruption, auth bypasses) and how they manifest in cloud-native and hybrid-cloud environments
- Experience or a strong interest in using AI-driven tools to scale security engineering and automate the discovery of sophisticated vulnerability patterns
- An ability to work as a peer with Architects and Developers, using technical data and research to build consensus on remediation paths
- Experience with reverse engineering or high-level exploit development in a research-focused environment
- Familiarity with 'Graph-based' security analysis (mapping relationships between assets, permissions, and vulnerabilities)
- Contributions to the security community, such as tool development, technical whitepapers, or responsibly disclosed CVEs
- Experience in a distributed engineering environment where technical evidence is the primary driver of security prioritization