Product Security Engineer

About The Position

Requirements

• 1–3+ years of experience in product security, application security, or software engineering
• Experience writing and maintaining code in JavaScript/TypeScript (or similar languages like Python or Ruby)
• Familiarity with common web and API vulnerabilities (e.g., OWASP Top 10)
• Exposure to security testing tools (SAST, DAST, dependency scanning, etc.)
• Experience working in or with cloud environments (AWS or similar)
• Ability to identify common security risks and suggest practical mitigations
• Understanding of secure coding practices and basic security controls
• Interest in how security decisions impact real-world product systems
• Strong communication skills and ability to work closely with engineering teams
• Willingness to ask questions, learn quickly, and take ownership of well-scoped problems
• Ability to contribute to team discussions and share security context effectively

Nice To Haves

• Experience with modern web architectures (Next.js, NestJS, GraphQL)
• Familiarity with containerization or Kubernetes
• Experience or interest in AI/LLM security, including

Responsibilities

• Partner with engineers to identify, triage, and remediate security issues in product features and services
• Participate in security reviews and threat modeling for new features and systems
• Perform security-focused code reviews and help identify common vulnerabilities
• Contribute to secure-by-default patterns, libraries, and tooling in our TypeScript-based stack
• Help implement and operate security tooling (SAST, DAST, dependency scanning, etc.)
• Support vulnerability management workflows, including internal findings and bug bounty reports
• Assist in investigating security issues and assessing risk and impact
• Collaborate with platform and infrastructure teams to improve application and cloud security posture
• Contribute to improving security practices in AWS-based environments
• Assist in identifying and mitigating risks in AI/LLM-powered features, including prompt injection, data leakage, and unsafe output handling
• Apply emerging best practices (OWASP Top 10 for LLM Applications) to real product use cases
• Contribute to security guidance, documentation, and training for engineering teams
• Help improve how security is integrated into the development lifecycle

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• Life, AD&D, and Disability Insurance
• Emergency Weather Support
• Wellness Apps
• Paid Parental Leave
• Paid Time off inclusive of holidays and sick time
• Commuter & Parking Accounts
• Lunches in the Office
• Internet and Phone Stipend
• One time WFH Office Set-Up Stipend
• 401(k) retirement plan
• Financial Planning
• Learning & Development Budget