Product Security Engineer

About The Position

Requirements

• 5+ years in security and/or software engineering, with focus on implementation and execution
• 5+ years of hands-on programming in Python or Java with demonstrated ability to build production-quality security tooling and automation
• 3+ years of hands-on GCP experience including GKE, Cloud Run, IAM, Secret Manager, and security services
• Container / mesh networks (GKE, Docker, Kubernetes security, image scanning, Binary Authorization, SBOM)
• Infrastructure-as-code proficiency (Terraform preferred) for deploying and maintaining security infrastructure
• Troubleshooting expertise with ability to debug complex issues in production cloud environments

Nice To Haves

• GCP Professional Cloud Architect or Professional Cloud Security Engineer certification
• OSCP or comparable hands-on offensive-security certifications (e.g., OSEP, GXPN, PNPT) demonstrating strong adversarial reasoning and exploit-focused problem-solving capability.
• Experience with offensive-security methodologies (e.g., understanding attack chains, exploitation fundamentals, or red-team tooling) applied to defensive engineering contexts
• Interest in applied security research—such as vulnerability discovery, protocol analysis, or emerging-threat investigation

Responsibilities

• Implement complex security solutions, including Cloud and SaaS security, and service account protections, and Application Security.
• Build production-ready security automation using Python or Java to scale security operations and reduce manual toil
• Execute security projects from requirements through deployment with minimal guidance, delivering high-quality results on time
• Troubleshoot complex security issues in production environments, conducting deep technical analysis and implementing fixes quickly
• Implement GKE security controls
• Build and maintain cloud security infrastructure using Terraform
• Configure GCP security services such as VPC Service Controls, Private Service Connect, Cloud Armor policies, IAM roles, and Secret Manager
• Execute API security assessments by conducting security reviews, identifying vulnerabilities, and implementing remediation
• Execute vulnerability remediation workflows for application, container, Cloud, and SaaS vulnerabilities within defined SLAs
• Build security dashboards and reporting to track vulnerability MTTR, security control effectiveness, and false positive rates

Benefits

• ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.