Senior Product Security Engineer – Customer Platform

📋 Description

• Define and enhance the product security architecture for Valon’s multi-tenant SaaS platform.

• Assist in the secure implementation of customer-oriented security features alongside the Engineering team (e.g., authentication/authorization models, identity integration, access controls, auditing and logging, encryption/key management).

• Develop and sustain security reference architectures and standardized secure design patterns for product teams.

• Oversee threat modeling, security design, and code reviews for new features, services, and significant architectural modifications.

• Create and implement AI-assisted workflows that streamline and expedite product security processes.

• Assess AI-related risks across both internal and external applications.

• Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to pinpoint and address product and data security risks.

• Assist in vulnerability triage, remediation strategies, and root cause analysis for product security challenges.

• Aid in meeting security compliance and regulatory requirements (e.g., SOC 2, CCPA, NYDFS, FTC), including engaging in customer-facing security discussions and due diligence.

• Formulate, implement, and uphold security policies, standards, and procedures.

• Support operational tasks such as security advisory and consultative reviews, incident response, issue remediation, and other security processes.

⛳️ Requirements

• Focused experience in product security, application security, or security architecture roles, with responsibility for security design in SaaS platforms that include multi-tenancy and customer-facing security capabilities.

• Strong foundation in cloud security and modern infrastructure, with practical experience in securing cloud environments (GCP preferred).

• Experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs).

• Expertise in designing secure platform controls (e.g., APIs, service-to-service authentication, encryption/KMS/CMEK, logging/monitoring).

• Proven ability to develop and maintain security reference architectures.

• Extensive experience leading threat modeling and security design reviews, including security-focused code reviews.

• Applied knowledge of industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts).

• Highly skilled hands-on engineer with a demonstrated capacity to work independently, manage multiple complex cross-functional initiatives, and exert influence independently.

• Exceptional communication and collaboration skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.

• Prior software engineering experience and/or coding proficiency (Python) is preferred.

• Experience in high-growth or startup environments is a plus.

• 5+ years of experience in security engineering roles focused on product, application, and/or cloud security.

• Bachelor's degree in Information Security, Computer Science, Technology, or a related field.

• Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP, or similar).

🏝️ Benefits

• Competitive salary with a significant stake in the company through equity, along with a 401k plan.

• We prioritize your physical and mental well-being with comprehensive medical, dental, and vision benefits.

• We provide pre-tax deductions for public transportation, rideshare services, and parking expenses to enhance the affordability and convenience of your commute.

• A company-wide orientation to ensure a successful onboarding experience, along with additional learning and development opportunities, including regular review cycles featuring 360-degree feedback.

• Quarterly budgets for team and company outings, which can be utilized for team swag, cooking classes, or team dinners!

• Flexible paid time off, sick days, and 11 company holidays.

• 12 weeks of fully paid leave for both birthing and non-birthing parents, allowing you to focus your energy on your newest addition.