Who Can Apply
- Candidates must be legally authorized to work in Canada
Job Description
Insight Global is seeking a Product Security & Solution Security Engineer (PSSE) to join a large utilities and critical infrastructure organization based in Concord (Vaughan). This individual will act as the Product & Solution Security representative for industrial software products across their full lifecycle, from design and manufacturing through deployment and sustainment.
This role focuses on securing the products being built, embedding secure‑by‑design principles into development workflows, and ensuring software products meet internal security requirements and industry best practices.
Day‑to‑Day
- Serve as the Product & Solution Security representative for software products throughout the product lifecycle
- Define, maintain, and enforce application security requirements and secure software engineering practices
- Guide, coach, and mentor developers on secure coding and secure‑by‑default design principles
- Perform threat modeling, threat and risk assessments, and security architecture reviews
- Provide hands‑on guidance on secure architecture, including authentication, authorization, secure communication, and secrets management
- Establish and promote secure software development lifecycle (SSDLC) practices and security gates
- Conduct and support secure testing activities including code reviews, SAST, DAST, SCA, and penetration testing
- Analyze vulnerabilities using CVE and CVSS scoring and drive mitigation and remediation efforts
- Collaborate with software engineering, QA, DevOps, IT, and product teams to embed security into delivery workflows
- Support investigation, response, and resolution of product security incidents
- Communicate security risks, mitigations, and best practices to technical and non‑technical stakeholders
Please Note: We may use artificial intelligence tools to assist with the screening, assessment, or selection of potential applicants for this position.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
- 3+ years of experience in application security, product security, or secure software development
- Strong programming experience in Python and/or C#/.NET
- Strong knowledge of OWASP Top 10, ASVS, and secure software development best practices
- Hands‑on experience with SAST, DAST, SCA, vulnerability management, and remediation workflows
- Experience with threat modeling, secure architecture, and secure API design
- Proven ability to mentor developers and provide practical security guidance
- Excellent communication skills and experience working with cross‑functional and international teams
Nice to Have Skills & Experience
- Experience securing industrial, embedded, or operational technology (OT) software
- Familiarity with IEC 62443, NIST, ISO 27001
- Knowledge of application and database security (e.g., IIS, SQL Server)
- Experience working in DevOps or CI/CD environments
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.