Remotery

Staff Product Security Engineer

Posted 5 hours ago

This is a fully remote position, open to applicants in United States.

📋 Description

• Lead security architecture/design evaluations and threat modeling sessions with product and engineering teams utilizing STRIDE, PASTA, and attack tree methodologies.

• Convert identified threats into actionable, risk-assessed engineering remediations organized by severity.

• Perform hands-on penetration testing and security evaluations across our complete product stack, generating actionable reports for both engineering and leadership teams.

• Conduct Red-Team operations on our AI-driven products and development tools to assess for prompt injection, data exfiltration, MCP server exploitation, and tool misuse.

• Oversee PSIRT Operations by managing incoming vulnerability reports, leading technical investigations, coordinating remediation efforts with engineering, scoring severity (CVSS), overseeing coordinated disclosures with external researchers, and handling on-call incidents.

• Influence the security posture of our AI-assisted development environment by defining and enforcing enterprise policies for Claude and Cursor.

• Promote Security Culture by facilitating developer training on secure coding practices with AI assistants, advocating for security by design in products, and ensuring that every engineer recognizes that product security is an enabler rather than a barrier.


⛳️ Requirements

• Over 10 years of experience in product security covering application security, cloud security, and secure SDLC.

• Expert-level proficiency in Threat Modeling using STRIDE, PASTA, or equivalent methodologies across web, mobile, cloud, embedded, and AI systems.

• Hands-on experience in penetration testing across applications, APIs, cloud infrastructure, and hardware/firmware.

• Experience in PSIRT operations, including vulnerability intake and triage.

• Profound hands-on expertise in AI security and a deep understanding of the OWASP Top 10 for LLM, API, Web, Mobile, along with practical experience with MITRE.

• Strong hands-on experience with security tools such as SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor.

• Strong programming skills with the ability to review code, create security tools, automate workflows, and establish credibility with the engineering teams you collaborate with.

• Extensive technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications.

• Solid understanding of programming languages & frameworks (e.g., Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (e.g., AWS, GCP, Kubernetes, Ambassador, Helm), and databases (e.g., MySQL, DynamoDB, Redis).


🏝️ Benefits

• Medical, dental, vision, and HSA match

• Paid life insurance, AD&D, and disability benefits

• Traditional 401k with company match

• Unlimited PTO

• Paid company holidays and pop-up bonus holidays

• Professional development stipends

• Mental health resources

• 1:1 financial planners

• Fertility healthcare

• 100% paid parental and caregiving leave, along with cleaning service and meals during your leave

• Flexible WFH options, including both remote and in-office opportunities

• Fully stocked kitchen, catered lunches, and occasional in-office happy hours

• Employee resource groups

People also viewed

Red River4 hours ago

Cybersecurity Subject Matter Expert – Managed Services

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Rimini Street4 hours ago

Security Product Services Engineer

BR flagBrazil OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Nasstar4 hours ago

Senior Security Control Manager

GB flagUnited Kingdom OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Reinsurance Group of America, Incorporated4 hours ago

Staff Cybersecurity Architect – Data Security, Data Loss Prevention

US flagMissouri OnlyFull-timeCybersecurity / Security Engineer$150.8k – $224.6k/year
ApplyView job
Case IQ5 hours ago

Information Security Compliance Associate

CA flagCanada OnlyFull-timeCybersecurity / Security Engineer$65k – $80k/year
ApplyView job
Phoenix Software Limited5 hours ago

Professional Services Engineer, Microsoft Cybersecurity

GB flagUnited Kingdom OnlyFull-timeCybersecurity / Security Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers