Senior Product Security Engineer

About The Position

Requirements

• 5+ years of application/product security experience.
• 2+ years of experience securing Java, Python, and/or JavaScript web applications.
• Knowledge of enterprise-level software architecture components and cloud infrastructure.
• Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level).
• Experience with AI security tooling, context-aware automation for SSDLC.
• Understanding of AI privacy and governance in developer workflows.
• Experience using and building agentic AI systems that work collaboratively.
• Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s).
• Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issues.
• A bachelor’s degree or equivalent related working experience is required.
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

Nice To Haves

• Knowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST tooling.
• Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers.
• Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements.
• Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed.
• Possess a working knowledge of Python, Java, and/or JavaScript software development languages.
• Experienced in Linux and containerization in a cloud environment.
• Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders.
• Experienced in using SAST, DAST, and SCA tooling.
• Experienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.).
• knowledgeable of vulnerability management concepts, challenges, and reporting.
• Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders.
• Familiarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001.

Responsibilities

• Application security for products and/or features supported by your assigned development teams.
• Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests.
• Leverage AI and MCP to create intelligent, context-aware security guidance and automation.
• Providing remediation consulting services to assigned development teams.
• Assist with vulnerability management reporting and tracking.
• Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation.
• Contribute to the configuration and management of security tools.

Benefits

• bonus potential
• equity for eligible roles
• a Flex Fund monthly stipend
• pension/401k plans
• competitive compensation
• health coverage
• time off