Sr Product Security Engineer

About The Position

Requirements

• 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development
• Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, injection attacks, deserialization, SSRF, and privilege escalation
• Proficiency with penetration testing tools and methodologies (Burp Suite, custom scripts, fuzzing frameworks) combined with manual exploit validation
• Hands-on experience using LLM platforms (Claude, Codex, or similar) to build security testing workflows, generate test cases, analyze code, or develop exploits
• Experience building custom security tooling: fuzzers, scanners, exploit frameworks, or automation that goes beyond configuring off-the-shelf products
• Strong understanding of common vulnerability classes (OWASP Top Ten, API Security Top Ten, CWE) and how they manifest in real production applications
• Experience collaborating with defensive security teams (SOC, Cyber Defense, IR) to translate offensive findings into detection and monitoring capabilities
• Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security
• Strong communication skills: ability to explain complex exploitation chains and deliver clear risk narratives to leadership

Nice To Haves

• Experience building AI-native security workflows, threat hunting agents, or automated fuzzing pipelines using LLM platforms
• Background in securing endpoint technologies, identity systems, privileged access management, or enterprise security platforms
• Experience with mobile application security testing and thick client assessments
• Familiarity with container security, Kubernetes security, and infrastructure-as-code scanning
• Experience working with bug bounty programs, vulnerability disclosure programs, or coordinated disclosure
• Professional certifications such as OSWE, OSCP, GWAPT, GPEN, or equivalent hands-on credentials
• Contributions to security research, open-source security tooling, or published vulnerability disclosures

Responsibilities

• Perform deep, context-aware penetration testing of web applications, APIs, endpoint agents, thick clients, identity systems, and cloud-native services.
• Use AI tools to analyze code paths, trace data flows, identify attack surfaces, and generate targeted test cases.
• Build AI-powered threat hunting skills and fuzz factory plugins.
• Develop custom fuzzers that understand product-specific protocols, input formats, and business logic.
• Create reusable skills and agent workflows to automate the discovery of vulnerability classes.
• Develop working proof-of-concept exploits for discovered vulnerabilities.
• Use AI tools to accelerate exploit development, generate payloads, and validate exploitation chains.
• Validate vulnerabilities from all sources, confirm exploitability, assess severity, and deliver fix recommendations.
• Partner with Cyber Defense and Security Architects to translate offensive findings into defensive capabilities.
• Turn validated exploitation paths into detection signatures, monitoring rules, and runtime protections.
• Build and maintain AI-driven security testing tooling integrated into CI/CD pipelines.
• Develop custom SAST rules and automated validation workflows.
• Contribute prompts, skills, plugins, and agent pipelines to the team's shared tooling library.
• Participate in threat modeling exercises, identify abuse cases, and map exploitation paths.

Benefits

• Diversity
• Inclusion
• Flexibility
• Trust
• Continual learning