Senior Product Security Engineer

About The Position

Requirements

• 10 years of deep technical expertise in application security and secure software development practices.
• Strong understanding of modern distributed systems, APIs, cloud-native architectures, and microservices.
• Experience with AI/ML security concepts, including risks such as prompt injection, data poisoning, and insecure model integrations.
• Hands-on experience with security tooling and automation (SAST/DAST, dependency scanning, IaC scanning, observability, runtime monitoring).
• Ability to conduct technical security reviews, threat modeling, and architectural risk assessments.
• Proven ability to mentor and influence engineering teams to adopt secure-by-default practices.
• Strong analytical and problem-solving skills with the ability to balance security rigor and product velocity.
• Excellent communication skills with the ability to articulate complex risks to both technical and non-technical stakeholders.

Nice To Haves

• Experience securing financial data, high-risk data flows, or data-intensive platforms.
• Experience with AWS cloud security, Kubernetes, and container security.
• Familiarity with CI/CD pipeline tooling such as GitHub Actions or Rundeck.
• Experience with Snowflake or similar data warehousing technologies.
• Understanding of regulatory and compliance frameworks relevant to AppSec and AI security (e.g., SOC 2, NIST).
• Background in offensive security or penetration testing (internal or third-party coordination).
• Experience supporting incident response, root-cause analysis, and security research.

Responsibilities

• Secure Architecture & Engineering
• Lead the design and implementation of secure architectures for Built’s applications, services, and AI/ML initiatives.
• Embed security throughout the development lifecycle by partnering with engineering teams on threat modeling, secure coding best practices, and design reviews.
• Conduct technical security reviews—including code assessments, dependency analysis, and architectural risk evaluations—to proactively identify and remediate vulnerabilities.
• AI / ML Security
• Champion secure and responsible AI usage across Built’s product ecosystem.
• Drive security controls that address AI-specific risks such as prompt injection, data poisoning, insecure model integrations, and model-exploitation paths.
• Guide engineering and product teams on safe deployment patterns, monitoring, and ongoing validation of AI systems.
• Offensive Security & Testing
• Perform internal penetration testing of applications, networks, and features to uncover weaknesses before attackers do.
• Support planning and execution of external third-party penetration tests, ensuring findings are triaged and addressed effectively.
• Incident Response & Risk Management
• Participate in application-security–focused incident response activities, including investigation, containment, and root-cause analysis.
• Conduct ongoing security research and maintain awareness of emerging threats, especially those relevant to cloud-native systems and AI/ML technologies.
• Enablement, Leadership & Culture
• Mentor engineers and security team members, driving adoption of security-first principles and scalable secure-by-default patterns.
• Influence cross-functional teams through technical leadership, helping define security standards, guardrails, tooling, and long-term security strategy.
• Promote a culture of high trust, continuous learning, and technical excellence.

Benefits

• Competitive benefits including: uncapped vacation, health, dental & vision insurance
• 401k with match and expedited vesting
• Robust compensation package, including equity in the form of stock options
• Flexible working hours, paid family leave, ERGs & Mentorship opportunities
• Learning grant program to support ongoing professional development