Freelance Product Security Engineer

About the role

We are seeking a Freelance Product Security Engineer to join a global medical‑device organization in Limerick. The role focuses on embedding security into regulated software‑based medical products, working closely with engineering, quality, regulatory and cybersecurity teams.

Key responsibilities

• Support product and application security across regulated software‑based medical products.
• Define and champion secure SDLC and secure‑by‑design practices.
• Partner with software and product engineering teams on security requirements, secure coding and remediation.
• Lead or support threat modelling and product security risk assessments.
• Review software and product designs, providing practical application security guidance.
• Conduct vulnerability, exploitability, impact and risk assessments.
• Utilise SAST, DAST, SCA, vulnerability scanning and dependency analysis tools.
• Support SBOM review, software composition analysis and open‑source governance.
• Contribute to product security documentation within a regulated quality environment.
• Collaborate with software, systems, quality, regulatory and cybersecurity teams.

Required profile

• 3+ years of experience in product security, application security, software security, secure software development or security architecture.
• Strong understanding of secure SDLC, secure‑by‑design and secure software development principles.
• Hands‑on experience with SAST, DAST and SCA/software composition analysis.
• Experience with SBOMs, dependency analysis, open‑source governance or software supply‑chain security.
• Proven ability to assess vulnerabilities, exploitability, risk, impact and remediation options.
• Solid cyber fundamentals including cryptography, CIA triad, threat modelling, authentication, encryption and secure communications.
• Familiarity with secure coding standards and frameworks such as OWASP or NIST.
• Excellent written documentation skills and ability to provide clear technical guidance to engineering teams.
• Experience working in a regulated, quality‑managed or safety‑critical environment.

Required skills

• SAST
• DAST
• Software Composition Analysis (SCA)
• SBOM
• Vulnerability scanning
• Dependency analysis
• OWASP frameworks
• NIST guidelines
• Cryptography
• Threat modelling
• Authentication
• Encryption
• Secure communications