
Senior Product Security Engineer
Posted 4 hours ago

• Take ownership of the complete vulnerability lifecycle: from intake, triage, and assignment to remediation coordination, verification, and closure across all sources of findings.
• Implement severity-based SLAs, escalation procedures, and ownership expectations. Monitor remediation timelines and engage with engineering teams to ensure findings are addressed within policy stipulations.
• Centralize findings from all scanning tools and sources into a cohesive tracking system.
• Oversee exception and risk acceptance processes. Handle exception requests, document compensating controls, and ensure that approvals are obtained with the necessary evidence.
• Generate vulnerability posture reports and dashboards.
• Collaborate with engineering teams on prioritizing remediation efforts, providing context on severity, exploitability, and business impact to facilitate informed decision-making.
• Promote the reduction of outstanding findings through proactive follow-ups, workflow automation, and escalation when remediation efforts stagnate.
• Support the DevSecOps Lead in implementing baseline security controls.
• Assist in integrating controls into repositories, CI/CD pipelines, registries, and deployment workflows.
• Verify that controls operate as intended, yield actionable findings, and are difficult to bypass.
• 3–6 years of experience in security operations, vulnerability management, application security, DevSecOps, or a similar security engineering position.
• Practical experience with vulnerability management processes — including intake, triage, assignment, remediation tracking, and reporting.
• Proficient understanding of common scanning tools and types of findings, such as dependency scanning (SCA), secrets scanning, IaC scanning, container scanning, and/or SAST/DAST.
• Familiar with Git-based workflows, CI/CD systems, and cloud-native development environments.
• Experience in creating security metrics, dashboards, and reports for both technical and leadership audiences.
• Strong organizational and follow-through abilities — capable of tracking numerous findings across various teams and driving them to resolution.
• Excellent written and verbal communication skills, with the capacity to coordinate between engineering, security, and business teams.
• Flexible work hours
• Flexible vacation
• Generous 401K match
• Parental leave
• Team events
• Wellness budget
• Learning reimbursement