Product Security Engineer

About The Position

Requirements

• Bachelor’s degree or equivalent experience in Computer Science, Engineering, or a related field, with at least 3-5 years of practical experience.
• In-depth knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
• Strong understanding of common security concepts to support root-cause analysis and enable data-driven decisions on vulnerability patterns and trends.
• Proficiency with JIRA and PowerBI.
• Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
• Experience conducting vulnerability assessments and using Burp Suite.
• Dependability: Shows dedication, works independently, accepts accountability, adapts to change, sets personal standards, and remains focused under pressure.
• Ability to communicate professionally and effectively.

Nice To Haves

• Experience with automation and scripting is highly desirable.
• Strong knowledge of LLM (Large Language Model) testing methodologies.
• Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
• Ability to develop and complete AI-specific test cases.

Responsibilities

• Support the security testing program’s initiatives to ensure comprehensive testing coverage for all products and collaborate closely with engineering and product teams to define scope, schedule, and successfully complete outsourced penetration tests.
• Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives.
• Define AI testing scope for penetration testing and bug bounty programs.
• Drive resolution of security issues through ongoing engagement with engineering teams.
• Capture all relevant data and results from testing to analyze metrics and enhance the effectiveness of security assessments.
• Build Security Testing reports for products to provide transparency into all security testing coverage and results.
• Validate, reproduce, and assess the severity of bug bounty reports, and provide support to product teams on existing issues.
• Communicate directly with external researchers regarding bug bounty reports on reported vulnerabilities.
• Lead initiatives, campaigns, and analytics on vulnerability data and propose initiatives for improvement.
• Triage, validate, and retest security vulnerabilities, and offer mentorship for product teams regarding remediation efforts.
• Develop dashboards in PowerBI to support data-driven analysis and remediation efforts.

Benefits

• comprehensive benefits programs