Senior Product Security Engineer

MISO•Carmel, IN

3d•$140,000 - $165,000•Onsite

About The Position

As MISO’s Senior Product Security Engineer, you will help strengthen the security of systems that support the reliable delivery of electricity to millions of people. You will serve as a subject matter expert across IT, software engineering, and product teams to ensure that security is embedded throughout the entire product lifecycle, from design through deployment and end of life. This role focuses on building and scaling secure development practices so that engineering teams can consistently create secure, resilient applications. You’ll help shape security-first development processes, identify vulnerabilities early, and partner with teams across the organization to reduce risk and improve product security at scale.

Requirements

Bachelor’s degree in Computer Science, Information Security, or a related field, with strong understanding of authentication, networking, encryption, and core security principles.
At least 5+ years relevant work experience
Proven experience implementing secure coding practices and development frameworks at enterprise scale, with deep knowledge of common web application vulnerabilities (OWASP Top 10) and remediation techniques.
Hands-on experience with SAST and DAST, as well as integrating automated security testing into CI/CD pipelines (GitHub Actions preferred).
Proficient in two or more programming languages (Python, Java, JavaScript, C#) and scripting languages such as Bash or PowerShell.
Ability to work effectively with engineering, cybersecurity, and product teams, leading through influence to drive security adoption and best practices.

Nice To Haves

GWEB - GIAC Web Application Defender
CSSLP - Certified Secure Software Lifecycle Professional.
GMLE – GIAC Machine Learning Engineer

Responsibilities

Establishing and maturing application security practices, processes, policies, and standards for internally and externally developed applications across on-premises and cloud environments, leveraging frameworks such as NIST SSDF/CSF and standards like OWASP ASVS to define and verify security requirements.
Educating and enabling development teams to adopt secure coding practices and embed security into everyday engineering workflows, partnering across IT, engineering, and product teams to promote a security-first culture.
Conducting security architecture reviews and threat modeling to ensure applications are designed with strong security controls and align with organizational and industry best practices.
Implementing and executing application security testing, including SAST and DAST, and integrate automated security tools within CI/CD pipelines to detect vulnerabilities early in the development lifecycle.
Identifying, triaging, and tracking application vulnerabilities, collaborating with developers and cybersecurity teams to prioritize remediation, support incident investigations, and continuously assess product ecosystems and third-party integrations for potential risks.