
Staff Product Security Engineer
Posted 5 hours ago

Posted 5 hours ago
This is a fully remote position, open to applicants in United States.
• Lead security architecture/design evaluations and threat modeling sessions with product and engineering teams utilizing STRIDE, PASTA, and attack tree methodologies.
• Convert identified threats into actionable, risk-assessed engineering remediations organized by severity.
• Perform hands-on penetration testing and security evaluations across our complete product stack, generating actionable reports for both engineering and leadership teams.
• Conduct Red-Team operations on our AI-driven products and development tools to assess for prompt injection, data exfiltration, MCP server exploitation, and tool misuse.
• Oversee PSIRT Operations by managing incoming vulnerability reports, leading technical investigations, coordinating remediation efforts with engineering, scoring severity (CVSS), overseeing coordinated disclosures with external researchers, and handling on-call incidents.
• Influence the security posture of our AI-assisted development environment by defining and enforcing enterprise policies for Claude and Cursor.
• Promote Security Culture by facilitating developer training on secure coding practices with AI assistants, advocating for security by design in products, and ensuring that every engineer recognizes that product security is an enabler rather than a barrier.
• Over 10 years of experience in product security covering application security, cloud security, and secure SDLC.
• Expert-level proficiency in Threat Modeling using STRIDE, PASTA, or equivalent methodologies across web, mobile, cloud, embedded, and AI systems.
• Hands-on experience in penetration testing across applications, APIs, cloud infrastructure, and hardware/firmware.
• Experience in PSIRT operations, including vulnerability intake and triage.
• Profound hands-on expertise in AI security and a deep understanding of the OWASP Top 10 for LLM, API, Web, Mobile, along with practical experience with MITRE.
• Strong hands-on experience with security tools such as SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor.
• Strong programming skills with the ability to review code, create security tools, automate workflows, and establish credibility with the engineering teams you collaborate with.
• Extensive technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications.
• Solid understanding of programming languages & frameworks (e.g., Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (e.g., AWS, GCP, Kubernetes, Ambassador, Helm), and databases (e.g., MySQL, DynamoDB, Redis).
• Medical, dental, vision, and HSA match
• Paid life insurance, AD&D, and disability benefits
• Traditional 401k with company match
• Unlimited PTO
• Paid company holidays and pop-up bonus holidays
• Professional development stipends
• Mental health resources
• 1:1 financial planners
• Fertility healthcare
• 100% paid parental and caregiving leave, along with cleaning service and meals during your leave
• Flexible WFH options, including both remote and in-office opportunities
• Fully stocked kitchen, catered lunches, and occasional in-office happy hours
• Employee resource groups
Red River
Rimini Street
Nasstar
Reinsurance Group of America, Incorporated
Get handpicked remote jobs straight to your inbox weekly.