Remotery

Senior Product Security Engineer

Posted 2 days ago

This is a fully remote position, open to applicants in the United States.

📋 Description

• Develop and sustain the product security tooling pipeline that is seamlessly integrated throughout the software development lifecycle. Implement and optimize Claude Code Security, Codex Security, GitHub Advanced Security (including code scanning, secret scanning, and Dependabot), and Wiz CLI across repositories and CI/CD pipelines. Take ownership of configuration, policy enforcement, and the continuous enhancement of these tools to ensure engineering teams receive precise, actionable security feedback promptly.

• Design and manage automated product security review processes that include human-in-the-loop checkpoints. Utilize Claude and LLM platforms to automate initial review triage, risk classification, and recommendation generation, escalating to Security Architects or senior engineers for decisions that require professional judgment. The objective is to ensure that every change receives adequate security review coverage without manual review becoming a bottleneck.

• Guarantee that security tooling integrates smoothly into engineering workflows, including GitHub PRs, CI/CD pipelines, IDE plugins, and developer dashboards. Minimize false positives, adjust rulesets to reflect the product's actual risk profile, and establish feedback loops to enhance findings over time. You will be responsible for the engineering experience related to security tooling, ensuring that when a developer engages with a security gate, the experience is clear, rapid, and beneficial.

• Utilize Claude Code Security, Codex Security, and LLM platforms to create automation that scales security engineering efforts. This encompasses automated code review triage, vulnerability pattern detection, fix suggestion generation, policy-as-code enforcement, and security review summarization. Contribute reusable prompts, skills, and plugins back to the shared library of the Product Security team.

• Assist in product incident response in collaboration with the Product Security team. Aid in investigating security incidents impacting products, assess the scope of impact, coordinate with engineering on urgent fixes, and contribute to root cause analysis and post-incident enhancements.

• Collaborate closely with Security Testers to ensure that scanning and automated tooling feed validated findings into their workflow. Partner with Architects to translate secure design standards into enforceable pipeline policies. Coordinate with the TPM on tracking and reporting for findings generated by tooling. Be the primary contact for engineering teams regarding security tooling inquiries, configuration, and troubleshooting.


⛳️ Requirements

• 4+ years of experience in Application Security, Product Security, DevSecOps, or Security Engineering, with practical experience in building and managing security tooling within CI/CD pipelines.

• Proven experience in implementing and fine-tuning SAST, DAST, SCA, and secret scanning tools in GitHub-integrated environments (such as GitHub Advanced Security, CodeQL, Dependabot, or similar).

• Practical experience with AI-driven security tools like Claude Code Security, Codex Security, or comparable LLM-based code analysis platforms.

• Strong comprehension of CI/CD pipeline architecture and how to integrate security controls without hindering developer productivity.

• Experience in creating automation workflows, including scripting, pipeline configuration, policy-as-code, webhook integrations, and workflow orchestration.

• Familiarity with container security scanning tools (Wiz CLI, Trivy, Snyk Container, or equivalent) and foundational knowledge of cloud security (preferably AWS).

• A solid understanding of common vulnerability classes sufficient to adjust tooling, triage findings, and engage credibly with engineers regarding severity and remediation.

• Excellent collaboration skills. You will interact daily with Security Testers, Architects, TPM, and engineering teams, requiring effective communication with all parties.

• An automation-first attitude. You prioritize building repeatable, scalable workflows and resort to manual processes only when automation is genuinely inadequate.

• Experience with GitHub Advanced Security at scale, including custom CodeQL queries, secret scanning custom patterns, and organization-wide implementation.

• Background in utilizing Wiz CLI or similar cloud/container security scanning integrated within CI/CD.

• Experience in supporting product incident response or security incident investigations.

• Familiarity with policy-as-code frameworks (such as OPA/Rego, Kyverno, or similar).

• Background in securing endpoint technologies, identity systems, or enterprise security platforms.

• Experience in developing developer enablement programs, security documentation, or self-service security tooling.

• Cloud security experience across AWS, Azure, or Kubernetes environments.


🏝️ Benefits

• Diversity. Inclusion. These are more than just words for us. They represent the guiding values that shape how we build our teams, nurture leaders, and foster a culture where individuals feel connected.

• We prioritize our employees' well-being so they can focus on serving our customers—who come from diverse backgrounds, just like us. We seek exceptional talent from various backgrounds because we believe that our differences make us stronger together.
