Senior Product Security Engineer – Customer Platform

This is a fully remote position, open to applicants in United States.

📋 Description

• Define and enhance the product security architecture for Valon’s multi-tenant SaaS platform.

• Assist in the secure implementation of customer-facing security features in collaboration with Engineering (e.g., authentication/authorization models, identity integration, access controls, audit and logging, encryption/key management).

• Create and sustain security reference architectures and standardized secure design patterns for product teams.

• Lead threat modeling, security design, and code reviews for new features, services, and significant architectural modifications.

• Design and develop AI-assisted workflows that automate and expedite product security areas.

• Assess AI risks across both internal and external applications.

• Work together with Product, Engineering, Data, Compliance, Legal, and other teams to identify and manage product and data security risks.

• Assist in vulnerability triage, remediation strategies, and root cause analysis for product security concerns.

• Support security compliance and regulatory requirements (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence.

• Formulate, implement, and uphold security policies, standards, and procedures.

• Aid operational activities involving security advisory and consultative reviews, incident response, issue remediation, and other security processes.

⛳️ Requirements

• Focused experience in product security, application security, or security architecture roles, with responsibility for security design for SaaS platforms including multi-tenancy and customer-facing security capabilities.

• Strong background in cloud security and modern infrastructure, with practical experience in securing cloud environments (GCP preferred).

• Experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs).

• Expertise in designing secure platform controls (e.g., APIs, service-to-service authentication, encryption/KMS/CMEK, logging/monitoring).

• Proven ability to build and maintain security reference architectures.

• Extensive experience leading threat modeling and security design reviews, including security-focused code reviews.

• Applied knowledge of industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts).

• Highly hands-on engineer with a proven track record of operating independently, driving multiple complex cross-functional initiatives, and influencing independently.

• Excellent communication and collaboration abilities, including the capacity to articulate complex security concepts to both technical and non-technical audiences.

• Prior software engineering experience and/or coding proficiency (Python) is preferred.

• Experience in high-growth or startup environments is advantageous.

• 5+ years of experience in security engineering roles focused on product, application, and/or cloud security.

• Bachelor's degree in Information Security, Computer Science, Technology, or a related field.

• Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP, or similar).

🏝️ Benefits

• Competitive salary with a significant equity stake in the company and a 401k plan.

• We prioritize your physical and mental well-being with comprehensive medical, dental, and vision benefits.

• We provide pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient.

• A company-wide orientation to ensure a successful onboarding experience, along with various learning and development opportunities, including regular review cycles featuring 360-degree feedback.

• Quarterly budgets for team and company outings—use it for team swag, cooking classes, or team dinners!

• Flexible paid time off, sick days, and 11 company holidays.

• 12 weeks of fully paid leave for both birthing and non-birthing parents, allowing you to focus on your newest addition.