Sr. Product Security Engineer

Illumio, Sunnyvale, CA
Hybrid

About The Position

Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters. Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running.

Location: 4 on-site days a week in Sunnyvale, CA Headquarters.

Our Team's Vision: Our Engineering team is shaping the future of cybersecurity. We thrive on visionary leadership, autonomy, and ownership, fostering a culture of innovation that propels us forward in the ever-evolving cybersecurity landscape.

As a Senior Product Security Engineer, you will play a critical role in strengthening the security posture of our products across their entire lifecycle. You will partner closely with Engineering, Product Management, and cross-functional stakeholders to design secure architectures, evaluate complex systems, perform hands-on security testing, and build automation that scales security across the organization. This role requires a strong technical foundation, excellent written and verbal communication skills, and the ability to influence engineering teams to adopt secure-by-design principles. You will work independently with minimal oversight, exercising sound judgment to solve problems of diverse scope. You will also drive long-term security maturity by leading multi-year security initiatives that measurably improve our security posture.

Requirements

  • 1–2 years of product security or application security experience required.
  • Proficiency in programming languages such as Python, Java, Go, or C++.
  • Hands-on experience with SAST, DAST, SCA, container security, and cloud-native security tools.
  • Familiarity with security automation, CI/CD pipelines, and script-based tooling.
  • Strong understanding of full-stack vulnerabilities, the MITRE ATT&CK framework, OWASP Top 10 for existing and emerging technologies, secure coding, and microservice architectures.

Nice To Haves

  • ~2 years of software development experience preferred.
  • Experience with supply chain security and open-source dependency management is a plus.

Responsibilities

  • Security Architecture & Design
      • Lead security architecture and design reviews for prototypes, components, and new product features in distributed cloud environments.
      • Develop and maintain threat models to proactively identify threats, misuses, and residual risks.
      • Provide security consulting for emerging technologies, such as AI/ML, defining security requirements and design guardrails.
      • Author and maintain product security policies, standards, and architectural guidance.
  • Security Program Leadership
      • Lead multi-year product security programs, driving roadmap planning, execution, cross-functional alignment, and measurable security improvements.
      • Develop scalable security strategies that align with engineering velocity, product roadmaps, and business priorities.
      • Influence teams across organizations to adopt secure design and secure development practices.
  • Hands-On Security Testing
      • Perform manual and automated security testing to validate real-world exploitability of vulnerabilities.
      • Conduct manual secure code reviews with a focus on security and privacy risks.
      • Execute DAST, API security testing, and container security scanning.
      • Validate reported vulnerabilities and support customer security responses.
  • Vulnerability Management
      • Drive end-to-end vulnerability management, from identification to remediation across code, containers, infrastructure, and cloud.
      • Utilize full-stack scanning tools (SAST, SCA, secrets scanning, container scanning) to uncover vulnerabilities early.
      • Partner with engineering teams to prioritize and remediate vulnerabilities based on risk and product impact.
      • Support product security incident responses, including triage, root-cause analysis, and remediation guidance.
      • Enable the Trust office to create and share customer vulnerability responses.
  • Security Automation & Tooling
      • Build, enhance, and maintain security automation for scalable vulnerability detection, triage, and reporting.
      • Promote the adoption of golden secure images, secure-by-default tooling, and supply chain security improvements.
      • Improve open-source resiliency through integrity checks, dependency monitoring, and automated safeguards.
      • Enable developer self-service through internal security tooling and guidance frameworks.
  • Security Enablement & Knowledge Development
      • Deliver technical security training for engineering teams, including secure coding, secure design, and modern threat awareness.
      • Build and maintain a comprehensive security knowledge base, including best practices, threat models, secure design patterns, and remediation guides.
      • Produce security evidence and documentation to support compliance, audits, certifications, and customer requirements.
      • Prepare and present product security metrics to leadership and key stakeholders.