Product Security Engineer

Role Overview:
You will be responsible for ensuring the security of web/mobile apps, microservices, APIs, and cloud environments. You will conduct security reviews, threat modeling, and implement secure patterns. Additionally, you will embed security in CI/CD pipelines, perform vulnerability assessments, penetration testing, and work on cloud and platform security.

Key Responsibilities:

• Perform security reviews of web/mobile apps, microservices, and APIs
• Conduct threat modeling for new and existing features
• Design and implement secure patterns in a cloud native environment
• Embed security into CI/CD pipelines including SAST, DAST, SCA, container, and IaC scanning
• Help design, tune, and maintain security tooling
• Perform hands-on vulnerability assessments and penetration testing for various components
• Build scripts and automation for bug identification at scale
• Review and enhance the security of cloud accounts, IAM, network boundaries, and storage
• Collaborate with infra/platform teams to secure Kubernetes, serverless, and other PaaS components
• Work closely with developers to prioritize and remediate security issues
• Communicate security concepts clearly to non-security stakeholders

Qualifications Required:

• Hands-on product security experience with web application stacks on AWS, GCP, or Azure
• Track record of identifying security issues in web/mobile apps, APIs, backend systems, and cloud infrastructure
• Familiarity with architecture, data flows, CI/CD pipelines, secure SDLC, IAM, IaC, serverless, etc.
• Ability to write scripts/automation in any language for testing purposes
• Understanding of balancing risk with business priorities
• Strong collaboration skills with engineering teams
• Genuine interest in security, research, and problem-solving

Additional Details:
Nice-to-Have Experience:

• Previous experience in high-performing product security teams at tech companies
• Security code review experience in Java, Kotlin, Go, Node.js, Python, React/React Native, etc.
• Experience with Kubernetes security, secrets management, multi-tenant SaaS security, privacy/security by design, contributions to open-source security tools, security research, or responsible disclosure programs. Role Overview:
  You will be responsible for ensuring the security of web/mobile apps, microservices, APIs, and cloud environments. You will conduct security reviews, threat modeling, and implement secure patterns. Additionally, you will embed security in CI/CD pipelines, perform vulnerability assessments, penetration testing, and work on cloud and platform security.

Key Responsibilities:

• Perform security reviews of web/mobile apps, microservices, and APIs
• Conduct threat modeling for new and existing features
• Design and implement secure patterns in a cloud native environment
• Embed security into CI/CD pipelines including SAST, DAST, SCA, container, and IaC scanning
• Help design, tune, and maintain security tooling
• Perform hands-on vulnerability assessments and penetration testing for various components
• Build scripts and automation for bug identification at scale
• Review and enhance the security of cloud accounts, IAM, network boundaries, and storage
• Collaborate with infra/platform teams to secure Kubernetes, serverless, and other PaaS components
• Work closely with developers to prioritize and remediate security issues
• Communicate security concepts clearly to non-security stakeholders

Qualifications Required:

• Hands-on product security experience with web application stacks on AWS, GCP, or Azure
• Track record of identifying security issues in web/mobile apps, APIs, backend systems, and cloud infrastructure
• Familiarity with architecture, data flows, CI/CD pipelines, secure SDLC, IAM, IaC, serverless, etc.
• Ability to write scripts/automation in any language for testing purposes
• Understanding of balancing risk with business priorities
• Strong collaboration skills with engineering teams
• Genuine interest in security, research, and problem-solving

Additional Details:
Nice-to-Have Experience:

• Previous experience in high-performing product security teams at tech companies
• Security code review experience in Java, Kotlin, Go, Node.js, Python, React/React Native, etc.
• Experience with Kubernetes security, secrets management, multi-tenant SaaS security, privacy/security by design, contributions to open-source security tools, security research, or responsible disclosure programs.