About The Position

We are not looking for a security checkbox-filler. We are looking for a senior security engineer who is ready to take deep ownership of our product security posture by elevating our practices, formalizing programs, and driving measurable outcomes across a fast-moving engineering organization. You will operate at the intersection of engineering and security, partnering directly with engineering leaders and product teams to embed security into every layer of our SDLC. You'll own our vulnerability management posture, drive secrets hygiene and credential lifecycle practices across the organization, and push our threat modeling framework deeper into how we design and ship software. Your work will protect the infrastructure of thousands of enterprise customers who depend on Command|Link every day. This role requires someone who can lead without authority, establish credibility with engineering teams, drive measurable outcomes, and build the institutional muscle that scales as the company grows.

Requirements

  • 8+ years of experience in security engineering, application security, or product security roles, with at least 3 years in a senior or lead capacity.
  • Demonstrated experience building or maturing security programs in high-growth SaaS environments, with a track record of driving measurable improvements.
  • Hands-on experience with SAST, DAST, SCA, and container scanning tools (e.g., Snyk, Semgrep, Trivy, Wiz, Qualys, or equivalents).
  • Proven ability to integrate scanning tooling into CI/CD pipelines (GitHub Actions, GitLab CI, or similar) and drive cross-team remediation at scale.
  • Deep familiarity with secrets management solutions such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
  • Experience auditing codebases and infrastructure for static credentials and leading large-scale rotation and migration efforts.
  • Proficiency in structured threat modeling methodologies (STRIDE, PASTA, or equivalent) and experience delivering programs that engineers actually use.
  • Ability to translate threat models into concrete, prioritized engineering requirements.
  • Strong understanding of cloud security posture across AWS, Azure, and/or GCP, including IAM, network security groups, storage policies, and logging.
  • Comfort working in containerized, microservices environments (Kubernetes, Docker).
  • Exceptional ability to communicate risk and security requirements to both technical and non-technical audiences.
  • A track record of driving security outcomes through influence rather than mandate, building trust with engineering teams rather than friction.

Responsibilities

  • Own and advance Command|Link's vulnerability management program end-to-end, from tooling and deployment through SLA definition and enforcement.
  • Define and drive quarterly vulnerability targets, including the goal of zero critical vulnerabilities outstanding across all engineering teams each quarter.
  • Partner with engineering leads to integrate vulnerability scanning into CI/CD pipelines and create visibility dashboards that hold teams accountable.
  • Triage, prioritize, and track remediation of findings across our cloud infrastructure, application layer, and third-party dependencies.
  • Own and drive our company-wide secrets management program, maintaining and enforcing clear standards for how credentials are created, stored, rotated, and retired.
  • Partner with engineering teams to meet regular credential rotation targets and enforce consistent hygiene practices across the organization.
  • Champion the adoption of dynamic secrets management and modern identity-based access patterns as the default over long-lived static credentials.
  • Implement controls and processes to maintain ongoing visibility into credential health and reduce the risk surface associated with credential mismanagement.
  • Lead and deepen our threat modeling framework, ensuring security evaluation is woven into the SDLC well before features reach production.
  • Develop threat modeling templates, playbooks, and training materials that enable engineering teams to self-serve on security reviews for new features and services.
  • Conduct threat models for high-risk features, new service designs, and major architecture changes, producing actionable remediation guidance.
  • Ensure security requirements derived from threat models are tracked as first-class engineering deliverables.
  • Act as the internal security advocate, growing our Security Champions program and deepening security ownership across each engineering team.
  • Deliver security awareness training, conduct secure code review workshops, and build the documentation and runbooks that scale your impact beyond your direct work.
  • Partner with Product and Engineering leadership to ensure security is a named requirement in product roadmap planning.
  • Support and advance our SOC 2 and other compliance postures by ensuring technical controls are implemented, documented, and auditable.
  • Identify, assess, and communicate security risk in business terms, helping leadership make informed trade-off decisions.
  • Take on additional responsibilities and projects as needed to support the success of the team and organization.

Benefits

  • Generous Medical, Dental, and Vision coverage for full-time employees
  • Flexible time off
  • 401k to help you save for the future
  • Fun events at cool locations
  • Free DoorDash lunches on Fridays
  • Employee referral bonuses to encourage the addition of great new people to the team