Product Security Engineer

About the Role

We are seeking an experienced Product Security Engineer to join our team and help build security into every aspect of our product development lifecycle. In this role, you'll work closely with engineering, product, and DevOps teams to identify, assess, and mitigate security risks while enabling rapid and secure product delivery.

Key Responsibilities

Threat Modeling & Risk Assessment

• Design and conduct comprehensive threat modeling sessions for new features and system architectures

• Identify potential attack vectors and security vulnerabilities early in the development process




• Collaborate with product and engineering teams to prioritize security requirements based on risk assessment




• Develop and maintain threat models for existing and new products

Security Testing & Validation

• Perform security testing of web applications, mobile applications, and APIs




• Conduct static and dynamic application security testing




• Execute penetration testing and vulnerability assessments




• Review code for security vulnerabilities and provide remediation guidance




• Validate security controls and defensive measures

DevSecOps Integration

• Implement and maintain Static Application Security Testing (SAST) tools in CI/CD pipelines




• Deploy and optimize Dynamic Application Security Testing (DAST) solutions




• Establish cloud security best practices and tooling for AWS environments




• Build security gates and quality checks into development workflows




• Collaborate with DevOps teams to secure infrastructure as code

Security Automation & Tooling

• Develop automated security testing frameworks and scripts




• Build tools and integrations to streamline security processes




• Automate vulnerability scanning and reporting workflows




• Create self-service security tools for development teams




• Implement security orchestration and response automation

Security Analytics & Monitoring

• Design and implement security metrics and KPIs for product security




• Analyze security testing results and trends to identify systemic issues




• Build dashboards and reporting for security posture visibility




• Conduct security data analysis to inform strategic decisions




• Monitor and respond to security alerts and incidents

Cross-functional Collaboration

• Partner with engineering teams to provide security guidance and support




• Educate developers on secure coding practices and security requirements




• Work with product managers to balance security and business requirements




• Collaborate with infrastructure and platform teams on security architecture

Required Qualifications

• 5+ years of experience in product security, application security, or related cybersecurity roles




• Strong background in threat modeling and secure design review.




• Extensive experience with web application security testing and mobile application security for iOS and Android platforms




• Hands-on experience with DevSecOps practices and security tool integration




• Proficiency with SAST, DAST, Cloud Security tools




• Experience with security automation and scripting (Python, Bash)




• Background in security analytics and data analysis for security insights

Preferred Qualifications

• Experience with container security (Docker, Kubernetes)




• Knowledge of infrastructure as code security (Terraform, CloudFormation)




• Familiarity with security frameworks (NIST, ISO 27001, SOC 2)




• Experience with bug bounty programs and responsible disclosure




• Experience with compliance requirements (PCI DSS, GDPR)