Senior Product Security Engineer

About The Position

Requirements

• 5+ years of experience in product security, application security, or security engineering.
• Strong knowledge of common vulnerabilities (OWASP Top 10, SANS Top 25) and secure development practices.
• Demonstrated experience with manual penetration testing, threat modeling, and exploitation techniques.
• Hands-on experience with security tooling and automation, including:
• SAST / DAST tooling and CI/CD integration
• Container image scanning (e.g., Trivy, Grype, Anchore)
• IaC security (e.g., Terraform, Helm, KICS, Checkov)
• Dependency and software supply chain security tools
• Experience with vulnerability management platforms and remediation workflows.
• Experience working with containerized environments, Kubernetes, and cloud platforms.
• Proven ability to integrate and automate security controls within CI/CD pipelines.
• Strong collaboration and communication skills across engineering and product teams.
• Experience supporting SOC 2, ISO 27001, or similar compliance frameworks.

Nice To Haves

• Relevant certifications (OSCP, OSEP, OSWE, GPEN, GWEB, GWAPT, GCSA) strongly preferred.
• Proficiency in scripting or programming (Go, Python, or similar) is a plus.

Responsibilities

• Secure Products & Infrastructure:
• Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines.
• Embed security requirements aligned with SOC 2, ISO 27001, and internal standards.
• Drive adoption and operationalization of SAST, DAST, container scanning, IaC security, and dependency analysis tooling.
• Integrate automated security testing into the SDLC to enable secure-by-design development.
• Offensive Security & Vulnerability Management:
• Lead application security reviews, threat modeling, vulnerability assessments, and penetration testing.
• Validate and prioritize findings based on exploitability and business impact.
• Partner with engineering teams to ensure timely, measurable remediation.
• Proactively identify and demonstrate security weaknesses to improve overall product resilience.
• Incident Response & Risk Reduction:
• Support investigation of product and infrastructure security incidents.
• Contribute to root cause analysis and durable remediation strategies.
• Identify systemic control gaps and implement long-term risk mitigation measures.
• Compliance & Assurance:
• Support product-level security reviews and audit activities.
• Coordinate evidence collection and control validation for SOC 2, ISO 27001, and enterprise requirements.
• Translate compliance requirements into actionable engineering controls.
• Cross-Product Security Leadership:
• Develop and maintain security expertise across multiple Mirantis products.
• Standardize security practices and tooling across teams.
• Strengthen program scalability and reduce single-point-of-failure risk.
• Security Advocacy & Enablement:
• Champion secure design principles and modern application security practices.
• Provide actionable guidance during architecture and code reviews.
• Drive continuous improvement and automation across the SDLC.

Benefits

• Work with an established Silicon Valley leader in the cloud infrastructure industry.
• Work with exceptionally passionate, talented and engaging colleagues, helping Fortune 500 and Global 2000 customers implement next-generation cloud technologies.
• Be a part of cutting-edge, open-source innovation.
• Thrive in the high-energy environment of a young company where openness, collaboration, risk-taking, and continuous growth are valued.
• Receive a competitive compensation package with strong benefits plan