Senior Product Security Engineer - Applications

About The Position

Requirements

• Bachelor’s degree in Computer Science, Electrical Engineering, a related field, or equivalent professional experience. Master’s degree is a plus.
• 5+ years of combined hands-on experience in software engineering and application and infrastructure security, including securing cloud-based and containerized environments.
• Demonstrable experience with product and application security concepts, including API, web, and mobile app security.
• Excellent communication skills, both written and verbal, and the ability to communicate complex security concepts to technical and non-technical audiences, including senior leadership.
• Proven ability to establish credibility and build trust with engineers and operational staff.
• Expertise in conducting comprehensive threat modeling, risk assessments, and code reviews to identify and mitigate vulnerabilities.
• Experience building, deploying, and securing workloads and infrastructure in Google Cloud Platform (GCP).
• Experience utilizing and securing AI/ML models and AI-integrated solutions, a general understanding of AI concepts, AI governance and risk management, and a willingness to learn more.
• Proficient in modern security frameworks, tools, and techniques. Familiarity with security standards and frameworks such as ISO, NIST, OWASP, etc.
• Proficiency in secure SDLC practices, commercial and open-source security testing tools (SAST, DAST, SCA, fuzzing), container security (Docker, Kubernetes), and cloud security (GCP, AWS, Azure).
• Practical experience securing CI/CD pipelines; Infrastructure-as-Code (IaC) tools like Terraform; GitLab and/or Github; artifact management.
• Strong understanding of both human and non-human identity management, enterprise and consumer authentication standards and use cases, and common protocols including OAuth and SAML.
• Experience overseeing vulnerability and threat management at the platform and application levels.
• Strong understanding of cryptography and key management use cases.
• Proficiency in one or more modern programming languages like NodeJS, Golang, Python, Java, and C/C++.

Nice To Haves

• Consulting or other practical experience in application security, penetration testing, and/or red teaming.
• Experience with AI-enabled application security programs, security assessments, and penetration testing.
• Experience researching, recommending, and operationalizing AI security products and features.
• Deep knowledge of cloud security, networking security, Android or iOS security, IoT, or Wi-Fi.
• Security or technical conference participation, paper submissions, and public presentations.
• Participation in cyber security and/or open-source software communities.

Responsibilities

• Collaborate with engineering and product teams to integrate security and secure-by-default guardrails into the product lifecycle, ensuring that security is a core consideration in all design and development decisions.
• Conduct Threat Modeling and Risk Assessments from the early stages of the product development lifecycle to identify, assess, and prioritize security risks, enabling proactive mitigation strategies.
• Perform rigorous security testing and reviews to uncover and address security weaknesses.
• Lead initiatives automating security processes from the developer workstation to cloud, SaaS, and datacenter environments.
• Design, build, deploy, and support security-focused solutions across cloud and on-premise footprints.
• Foster a security-first culture by educating and empowering engineering and product teams through training, awareness campaigns, and mentorship, cultivating a strong security mindset.
• Stay updated on the latest security threats, vulnerabilities, and technology trends, and proactively implement improvements.
• Contribute to incident response efforts, investigate root causes, and implement corrective actions to minimize impact and prevent future occurrences.