Product Security Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Lead threat modeling initiatives for features and services where risk is significant.

• Collaborate with the ProdSec lead to transition the practice from ad-hoc requests to a structured, repeatable process.

• Manage the daily triage of CNAPP findings from start to finish.

• Contribute to SDLC tools, SAST/SCA workflows, and the triage of bug bounty submissions.

• Work alongside product engineering teams as a trusted reviewer.

• Integrate AI into workflows to enhance triage efficiency, summarize findings, and minimize manual effort.

• Gradually elevate the security baseline through comprehensive documentation, office hours, and enhancements to tools.

⛳️ Requirements

• 2 to 4 years of full-time experience in a security-centric position, preferably in AppSec, ProdSec, or cloud security.

• Proficiency in reviewing and assessing pull requests within a contemporary tech stack.

• Experience in participating in or leading threat modeling sessions.

• Familiarity with cloud security posture management.

• Strong foundational knowledge of OWASP Top 10, authentication and authorization frameworks, secrets management, and typical cloud misconfigurations.

• Practical experience with AI tools applied to security or engineering tasks.

🏝️ Benefits

• Restricted Stock Units (RSUs)

• Health, vision, and dental insurance

• Mental health benefits