Security Engineer, Product Security

About The Position

Requirements

• Proven experience as a Security Engineer with a focus on product security.
• Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes.
• Strong understanding of modern Javascript application design.
• Production experience with Kubernetes backed services
• Hands-on experience with SAST and DAST tools and methodologies.
• Familiarity with terraform orchestration for infrastructure management.
• You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input.
• Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders.
• Demonstrated ability to influence security strategies and drive improvements within a team.

Nice To Haves

• Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus.

Responsibilities

• Conduct in-depth code reviews to identify and remediate security vulnerabilities.
• Evaluate and enhance the security of our product offerings, through RFC and service review.
• Implement and maintain CI/CD pipelines with a strong focus on security.
• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code.
• Utilize terraform orchestration to ensure secure and efficient infrastructure management.
• Guide engineering teams to build robust long-term solutions that consider security and privacy.
• Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.
• Influence the security strategy and direction of the team, advocating for best practices and continuous improvement.

Benefits

• Comprehensive health, dental and vision coverage
• retirement benefits
• a learning and development stipend
• generous PTO
• a commuter stipend