Product Security Engineer

Candid Health
San Francisco, Denver, CO
$180,000 - $258,000

About The Position

We are looking for a Product Security Engineer to join our team and act as a champion for security within our product engineering organization. You will be responsible for ensuring our products are designed, developed, and maintained with security as a core pillar. You will work in partnership with development squads to perform threat modeling, guide secure architecture decisions, and automate security gates in our CI/CD pipelines.

Requirements

  • 5+ years of experience in software engineering or security engineering, specifically focusing on product security or application security.
  • Proficiency in one or more programming languages (e.g., Python, Go, Java, or JavaScript).
  • Deep understanding of modern web/cloud architecture (e.g., APIs, Microservices, Kubernetes, AWS/GCP/Azure).
  • Familiarity with the OWASP Top 10 and common exploitation techniques.
  • Proven ability to influence and collaborate with engineering teams without hindering development velocity.
  • Strong analytical skills to evaluate complex systems and design innovative, practical security solutions.

Nice To Haves

  • Experience with Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation).
  • Experience in designing cryptographic implementations or secure authentication/authorization flows (e.g., OAuth, OIDC, JWT).
  • Knowledge of compliance frameworks relevant to our industry (e.g., SOC2, ISO27001, HIPAA).

Responsibilities

  • Lead threat modeling sessions during the architectural design phase of new features to identify potential risk vectors early.
  • Drive the adoption of "Shift Left" security practices, integrating security tooling (SAST, DAST, SCA) directly into developer workflows.
  • Triage, prioritize, and partner with engineering teams to remediate vulnerabilities found in code, third-party libraries, and cloud infrastructure.
  • Build, maintain, and tune security automation tools to reduce friction for developers while maintaining high security standards.
  • Develop and deliver training, coding patterns, and security guardrails to help engineering teams build resilient, secure-by-default products.
  • Assist in identifying the root cause of security incidents related to product features and contribute to post-incident remediation and architectural improvements.
  • Build out processes and automation to ensure the security of open-source dependencies.