Staff Product Security Engineer

Tools for Humanity
San Francisco, CA
$276,000 - $320,000

About The Position

As a Product Security Engineer, you will be a hands-on technical leader responsible for safeguarding the products and services that power the World project. You will be "In the Driver's Seat," proactively embedding security into every stage of the development lifecycle. This is not a role for box-tickers; you will be expected to think from first principles to solve novel security challenges at a global scale. Your work will directly protect our users and ensure the integrity of a protocol designed for the majority of humanity.

Requirements

  • You have 12+ years of hands-on experience in Product Security, Application Security, or Cloud Security.
  • You are proficient in code review and development in languages like Rust, Go, and Python.
  • You have extensive experience securing modern AWS architectures and developing secure infrastructure-as-code (e.g., Terraform and CDK).
  • You are an expert in leading threat modeling sessions and providing actionable guidance to engineering teams.
  • You have a strong background in implementing and managing security tooling (SAST, DAST, SCA) and embedding security into CI/CD pipelines.
  • You have a deep understanding of web and API security principles (OWASP Top 10) and have experience securing distributed, mobile-first systems.

Nice To Haves

  • Experience scaling a security champions program
  • Expertise in Kubernetes (EKS) and container security
  • A particular interest in securing mobile applications or smart contracts

Responsibilities

  • Lead secure architecture reviews and threat modeling sessions for new application and cloud services.
  • Engineer and implement automated security guardrails and reusable libraries to make the secure path the easy path for developers.
  • Perform deep-dive, security-focused code and infrastructure reviews in languages like Rust, Go, and Python.
  • Own the vulnerability management process, from triaging bug bounty submissions to driving remediation efforts with engineering teams.
  • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing engineering organization.

Benefits

  • healthcare
  • dental
  • vision
  • 401(k) plan and match
  • life insurance
  • flexible time off
  • commuter benefits
  • professional development stipend