Product Security Engineer

Movable Ink is hiring a Product Security Engineer to help secure our codebases, CI/CD pipelines, and development practices. To succeed in this role, you'll balance a security-first mindset with a practical understanding of how engineering teams ship software: finding ways to reduce risk without slowing down delivery. This is a hands-on opportunity to build and improve the automation that keeps our code and infrastructure safe, working closely with both the Security and Engineering teams. As AI coding tools and supply chain attacks increase risk across the industry, this role is critical to staying ahead of vulnerabilities before they reach production.

Responsibilities:

• Implement and maintain static application security testing (SAST) using Semgrep across our repositories


• Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies


• Manage secrets detection scanning (Trufflehog) and respond to findings


• Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged


• Triage and prioritize vulnerability findings, working with engineering teams to drive remediation


• Support dynamic application security testing (DAST) efforts using tools like ZAP


• Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation


• Set up and configure automation scripts to support our vulnerability management practices


• Document secure coding guidelines and help educate developers on security best practices


• Evaluate and recommend new security tools as the landscape evolves

Qualifications:

• 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role


• Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)


• Familiarity with CI/CD pipelines and GitHub Actions


• Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them


• Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)


• Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings


• Strong written communication skills for documentation and customer-facing security responses


• Self-motivated and able to manage competing priorities in a fast-paced environment

The base pay range for this position is $133,000-$173,000 CAD/year, which can include additional bonus depending on the position ultimately offered, in addition to a full range of medical, financial, and/or other benefits. The base pay offered may vary depending on job-related knowledge, skills, and experience.

Studies have shown that women, communities of color, and historically underrepresented people are less likely to apply to jobs unless they meet every single qualification. We are committed to building a diverse and inclusive culture where all Inkers can thrive. If you’re excited about the role but don’t meet all of the abovementioned qualifications, we encourage you to apply. Our differences bring a breadth of knowledge and perspectives that makes us collectively stronger.

We welcome and employ people regardless of race, color, gender identity or expression, religion, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, ethnicity, family or marital status, physical and mental ability, political affiliation, disability, Veteran status, or other protected characteristics. We are proud to be an equal opportunity employer.