
Senior Staff Product Security Engineer
Posted 10 hours ago

This is a fully remote position, open to applicants in the United States.
• Define and spearhead the long-term strategy, roadmap, and vision for product security, ensuring alignment with company objectives, risk tolerance, and regulatory standards.
• Act as the internal expert on application and product security, offering specialized guidance to engineering, product, and executive teams.
• Foster a company-wide culture of security accountability by integrating security considerations into the daily practices of every engineering team.
• Design and continuously enhance a top-tier Product Security program, encompassing threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security.
• Oversee the creation and enforcement of secure development standards across web, mobile, and cloud platforms, including secure coding practices, IaC policies, and API security frameworks.
• Identify and drive the resolution of systemic, high-impact vulnerabilities and architectural security weaknesses within Greenlight's platform.
• Lead and advance Greenlight's penetration testing initiative, leveraging both internal resources and external vendor collaborations.
• Collaborate with engineering and platform teams to develop security-enhancing features that safeguard our customers' financial information.
• Establish and direct incident response protocols for product-level security incidents, including root cause analysis and comprehensive remediation.
• Assess and integrate emerging security tools, techniques, and frameworks to maintain Greenlight's proactive stance against evolving threats.
• Mentor staff and senior engineers within the security and engineering domains, enhancing the overall security engineering proficiency of the organization.
• 12+ years of experience in product security, application security, or a related engineering field.
• Demonstrated success in defining and executing security programs at scale within complex, multi-platform settings.
• Practical experience in architecting and deploying security solutions and processes in production environments, enabling engineering teams to securely build and deploy at scale.
• Expert knowledge of web and mobile application security, covering OWASP Top 10, API security, and mobile threat vectors (iOS and Android).
• Extensive hands-on experience with the complete AppSec toolchain: SAST, DAST, IAST, SCA, secrets scanning, and runtime protection.
• Strong understanding of cloud security architecture and controls, especially within AWS environments.
• Experience in leading or significantly influencing the security architecture of distributed, microservices-based systems.
• Proven background in developing and implementing security solutions.
• Ability to cultivate strong cross-functional relationships and influence engineering culture without direct authority.
• Excellent communication skills — capable of translating complex security risks into clear, actionable language for engineers, executives, and non-technical stakeholders.
• Experience working in regulated sectors (e.g., financial services, fintech, healthcare).
• Plus: Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent — and/or public code/research. Please share your GitHub or any public security work with us!
• Plus: Experience in building or scaling Product Security programs in rapidly growing startup environments.
• Plus: Familiarity with security tools such as Burp Suite or Kali Linux.
• Medical, dental, vision, and HSA match
• Paid life insurance, AD&D, and disability benefits
• Traditional 401k with company match
• Unlimited PTO
• Paid company holidays and pop-up bonus holidays
• Professional development stipends
• Mental health resources
• 1:1 financial planners
• Fertility healthcare
• 100% paid parental and caregiving leave, along with cleaning service and meals during your leave
• Flexible work-from-home options, including both remote and in-office opportunities
• Fully stocked kitchen, catered lunches, and occasional in-office happy hours
• Employee resource groups