
Principal Product Security Engineer
Posted 2 days ago

This is a fully remote position, open to applicants in the United States.
• Take ownership of and enhance the product security program, which encompasses security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering support.
• Lead security architecture evaluations and secure design initiatives for backend services, web applications, mobile applications, APIs, and remote devices.
• Examine source code and application architecture to uncover security vulnerabilities, insecure patterns, and operational risks.
• Collaborate closely with Engineering, DevOps, QA, Infrastructure, and Product teams to weave security into the software development lifecycle.
• Establish and uphold secure coding standards, development guidelines, and security best practices.
• Mentor and assist software engineers in secure development practices and remediation strategies.
• Conduct threat modeling and risk assessments for both new and existing products as well as infrastructure.
• Support incident response investigations, root cause analysis, and remediation planning.
• Assess third-party libraries, frameworks, and dependencies for security and operational risks.
• Work in partnership with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening.
• Lead vulnerability management initiatives, including prioritization, remediation guidance, and validation.
• Assist in defining and implementing logging, monitoring, and security alerting strategies.
• Collaborate with external security consultants and vendors for penetration testing and security assessments.
• Foster a security-first engineering culture throughout the organization.
• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
• Over 7 years of experience in software engineering, application security, product security, or cybersecurity engineering.
• Deep understanding of secure application architecture and contemporary security practices for web, mobile, cloud, and distributed systems.
• Practical experience in reviewing source code and identifying security vulnerabilities.
• Familiarity with OWASP Top 10, secure coding standards, authentication/authorization models, API security, and vulnerability remediation.
• Experience securing cloud-native environments in AWS, Azure, or GCP.
• Strong grasp of CI/CD pipelines, DevSecOps practices, container security, and infrastructure security.
• Experience with threat modeling, coordination of penetration testing, and incident response processes.
• Capability to mentor engineers and influence technical direction across multiple teams.
• Excellent analytical, communication, and leadership skills.
• Health insurance
• Flexible work arrangements
• Professional development