Product Security

Salesforce | San Francisco, CA
$178,900 - $246,000 | Hybrid

About The Position

We are looking for a Product Security Engineer to join our Salesforce Product Security Advisors team. You will be the technical authority responsible for assessing and providing remediation advice for the ecosystem that powers our clouds. As a trusted security advisor, you'll serve as the primary point of contact for our engineering partners and leadership, cultivating strong relationships and delivering critical security recommendations. Your contributions will directly shape and enhance the security posture of our core platforms, ensuring the resilience and integrity of Salesforce's offerings. You'll sit at the intersection of application security and infrastructure, ensuring that every design decision follows thoughtful security principles and that implementation meets the highest security standards.

Requirements

  • 5+ years in offensive or defensive security roles with a proven track record of securing enterprise-level cloud platforms
  • Expertise in OWASP Top 10 (Open Web Application Security Project) and SANS Top 25 (SysAdmin, Audit, Network, and Security)
  • Working knowledge of at least two of the following languages: Java, C#, PHP, or Python
  • Familiarity with security tooling such as Snyk, Semgrep, GitHub Actions, Dynamic Application Security Testing (DAST), and Static Application Security Testing (SAST)
  • Strong communication skills with the ability to translate complex vulnerabilities such as heap-buffer overflows or Insecure Direct Object References (IDOR) into business risk that stakeholders can understand
  • Curiosity and willingness to adopt AI tools to work smarter, deliver better results, and continuously grow technical knowledge

Nice To Haves

  • Offensive security certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), or GIAC Web Application Pentester (GWAPT)
  • AWS Cloud Security Specialist or Google Cloud Platform (GCP) Cloud Security Expert certification
  • Active participation in bug bounty programs (HackerOne, Bugcrowd) or contributions to open-source security tools and research
  • Experience with the Salesforce ecosystem
  • Applying AI tools such as Claude, Cursor, or Gemini to security assessments

Responsibilities

  • Embed security controls throughout the entire Software Development Life Cycle (SDLC)
  • Lead deep-dive threat modeling sessions for complex Salesforce Marketing Cloud (SFMC) integrations
  • Perform manual, agentic, and automated secure code reviews across Java, C#, PHP, and Python
  • Conduct and coordinate penetration tests for high-risk features on internal and external-facing assets
  • Design and evaluate robust authentication and authorization (AuthN/AuthZ) frameworks including modern identity protocols such as Security Assertion Markup Language (SAML), OAuth 2.0, and OpenID Connect (OIDC)
  • Audit and harden cloud infrastructure supporting our environment, ensuring least-privilege access, resilient configurations, and adherence to security best practices
  • Provide subject-matter expertise on identity management, email and messaging platform security, and Agentic AI, translating complex technical risks into clear business impact for engineering partners and leadership

Benefits

  • time off programs
  • medical
  • dental
  • vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program