Senior Product Security Engineer

About The Position

Requirements

• 5+ years in application security, product security, or DevSecOps with a track record of shipping controls that earn adoption, not just approval.
• Hands-on builder. You define secure patterns, write code, and deliver tooling that holds up in production. You're a practitioner, not just an advisor.
• Experience conducting threat models and security architecture reviews across mobile (iOS/Android), cloud (AWS/GCP), and backend services (Java, Python, PHP).
• Practical experience securing AI/ML systems. You've worked with prompt pipelines, RAG architectures, model access controls, or agentic workflows and understand the trust, authorization, and data boundary problems they introduce.
• Working knowledge of ASPM platforms and security tooling: SAST, SCA, secret scanning, container scanning.
• Familiarity with CI/CD security integration.
• Solid grounding in secure development practices: OWASP Top 10, OWASP LLM Top 10, secure-by-design principles, and practical remediation guidance.
• Comfort with ambiguity. You're energized by first-draft standards, testing approaches, and scaling what works rather than waiting for a playbook.
• Strong cross-functional communication. You carry risk, tradeoffs, and technical decisions across engineering, product, and leadership without losing precision. You can reshape a risky decision clearly and constructively.

Nice To Haves

• Experience with multi-agent orchestration frameworks and their identity and authorization challenges.
• Background in consumer technology or privacy-sensitive domains where personal data is a core product obligation, not just a legal checkbox.
• Experience securing location-based services or products involving data from minors.
• CISSP, OSCP, GWAPT, or similar certifications.
• Contributions to open-source security tools, public research, or conference speaking.

Responsibilities

• Conduct security architecture reviews across mobile (iOS/Android), backend (Java, Python, PHP), data pipelines, and third-party integrations.
• Translate threat models and security requirements into pragmatic guidance engineers can act on.
• Build trusted relationships with product and platform engineering teams.
• Further operationalize and tune ASPM tooling (Cycode) to unify SAST, SCA, secret scanning, and container security into actionable signal, not noise.
• Build security-as-code patterns and pre-approved libraries that make the secure path the default path.
• Automate vulnerability triage, deduplication, and routing so the team spends time on judgment, not toil.
• Drive SLA-based remediation workflows with clear severity definitions, ownership, and escalation paths.
• Build metrics that translate security posture into language engineering leadership and executives can use.
• Partner on design reviews for AI-powered features: model access controls, data boundary enforcement, and retrieval system authorization.
• Contribute to securing agent workflows, MCP integrations, and shared AI tooling as adoption scales across engineering.
• Work with Privacy, Legal, and Data Platform on controls for sensitive data: real-time location, family relationships, and data involving minors.

Benefits

• Competitive pay and benefits
• Medical, dental, vision, life and disability insurance plans (100% paid for employees)
• 401(k) plan with company matching program
• Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
• Flexible PTO, 13 company-wide days off throughout the year
• Winter and Summer Weeklong Synchronized Company Shutdowns
• Learning & Development programs
• Equipment, tools, and reimbursement support for a productive remote environment
• Free Life360 Platinum Membership for your preferred circle
• Free Tile Products