Senior Product Security Engineer

Bonterra
20h
$100,000 - $130,000

About The Position

As a Senior Product Security Engineer at Bonterra, you will partner closely with product management, engineering, operations, and security teams to help embed security into the software development lifecycle. In this role, you’ll work alongside product and engineering teams to understand upcoming features, architectural changes, and delivery timelines, and help apply security best practices in a practical, risk-based way. You will collaborate with Application Security Engineers, DevOps, and other security partners to support consistent and effective product security practices across Bonterra’s platforms. This includes contributing technical expertise to help identify security risks early, provide actionable guidance to engineering teams, and support security initiatives that enable teams to ship features securely and efficiently. In addition to cross-functional collaboration, you will contribute hands-on by helping identify and remediate security gaps within existing DevSecOps pipelines. You’ll work with DevOps and Application Security teams to assist with implementing and maintaining security tooling and CI/CD controls, such as SAST and DAST checks, while continuously learning and growing your impact within Bonterra’s product security program.

Requirements

  • 5+ years of experience in product security, application security, or secure software engineering.
  • Strong understanding of product architecture, APIs, and distributed systems.
  • Experience performing threat modeling and security design reviews.
  • Ability to assess security risk in the context of product functionality, customer experience, and business impact.
  • Experience collaborating cross-functionally with product managers and engineering teams.
  • Ability to influence and guide partners through collaboration rather than authority.
  • Working knowledge of modern application development practices, CI/CD processes, and how security integrates into them.
  • Familiarity with security tools including SAST, DAST, SCA, and related DevSecOps controls.
  • Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10) and secure design principles.
  • Experience helping implement security controls and automations within CI/CD pipelines.
  • Strong communication skills with the ability to translate technical risks into clear, actionable guidance.
  • Experience supporting interactions with external stakeholders such as customers, auditors, or partners on security-related topics.
  • Familiarity with common compliance frameworks such as SOC 2, NIST, ISO 27001, PCI-DSS, and HIPAA.

Nice To Haves

  • Background in software engineering, DevOps, or system architecture.
  • Experience working with SaaS platforms in a product-focused environment.
  • Familiarity with secure cloud architecture and configuration, particularly in AWS environments.

Responsibilities

  • Lead threat modeling and security design reviews for assigned products and services.
  • Partner with product managers and engineering leads to help define practical security requirements and guardrails while reducing friction points.
  • Participate in the growth and evolution of the Security Champion program, helping enable and support secure development practices across the engineering teams.
  • Assess product architectures, data flows, and integrations to identify security risks and provide actionable recommendations for remediation.
  • Collaborate with teams to make informed, risk-based security decisions that consider real-world usage, customer impact, and business priorities.
  • Provide clear, actionable guidance to engineering teams on secure design patterns and implementation patterns.
  • Review and triage security findings from internal testing, bug bounty programs, and third-party assessments.
  • Support vulnerability disclosure and coordinated response in collaboration with security and engineering partners.
  • Contribute to the development and adoption of secure-by-design patterns and reusable security components.
  • Contribute ideas, feedback, and implementation support toward product security metrics, practices, and roadmap initiatives under the guidance of senior security leadership.
  • Support DevOps and Application Security engineers by identifying gaps and assisting with improvements in existing DevSecOps workflows and CI/CD pipelines.
  • Help implement and maintain security tooling and automation for static analysis (SAST), dynamic analysis (DAST), and other automated security checks within the CI/CD workflows.
  • Participate in audits and assessments by providing technical input and evidence in coordination with Risk & Compliance teams.
  • Assist customer-facing teams with security reviews and questionnaires by providing technical context and documentation when requested.
  • Stay current on emerging threats, attack techniques, and industry best practices.