Product Security Engineer

Why Join Our Security Team:

We take a unique approach to security, prioritizing enabling our customers and empowering our teams rather than relying solely on traditional security gates. We integrate pragmatic risk decision-making into our product development lifecycle, offering clear, scalable, and secure-by-default solutions. As part of a forward-thinking team, you’ll have the opportunity to implement emerging security solutions to protect our products, employees, and customers.

This role will primarily focus on application and product security, threat modeling, including bug bounty management, incident response, vulnerability management, and automation. You'll also have the opportunity to expand into other areas of security, providing strategic guidance and leadership in securing our cloud-native applications.

Qualifications:

• 6+ years of experience in application security, product security consulting, or a similar role, with hands-on expertise in cloud security (AWS, GCP, Azure).
• Strong experience in securing cloud-based infrastructure and container technologies (Docker, Kubernetes).
• Expertise in programming languages such as Python, Java, JavaScript, Go, and Ruby on Rails, with a deep understanding of secure coding practices (e.g., input validation, session management).
• Extensive experience in penetration testing, vulnerability assessments, and conducting threat modeling exercises.
• Hands-on experience with security scanning tools and secure development lifecycle processes.
• A strong track record of working with development teams to integrate security into the software development lifecycle, from CI/CD pipelines to runtime.
• Experience in driving security processes and educating developers on secure coding practices.

You Are:

• A strategic thinker who can influence at all levels of the organization and drive security initiatives across the product lifecycle.
• A leader who can mentor and guide teams to integrate security seamlessly into product development processes.
• Experienced in making tough security decisions, balancing risk with business needs, and ensuring that security is an enabler of growth.
• A clear communicator with the ability to articulate security risks and solutions to both technical and non-technical stakeholders.
• Passionate about creating a security-first culture and promoting best practices across teams.
• Experienced in using data-driven approaches to identify security risks and track progress towards mitigation.

Nice-to-Have:

• Familiarity with GraphQL and experience with securing API-driven applications.
• Experience integrating security tools within the CI/CD pipeline.
• Knowledge of securing software development lifecycles, including automated and manual application security testing and source code reviews.