Serve as a subject matter expert (SME) on Information Security. Identify and implement new security technologies and best practices. Review security test results from vulnerability scans and penetration testing for true positives, and propose appropriate remediation measures or mitigation controls. Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment. Guide and influence multi-disciplinary teams in implementing and operating Cyber Security controls. Consult with internal teams on engineering designs and development of cloud-based systems to ensure security is built in. Learn with agility; empowered to update and enhance current security practices, tooling, and documentation.

US Citizen or Green Card holder based in the US required to meet ITAR Compliance and regulatory requirements. Bachelor's degree in Computer Science, Information Security, Engineering, or an equivalent combination of practical experience. 5+ years of experience in Application Security, Product Security, or Software Security Engineering. Strong knowledge of Secure Software Development Lifecycle (SSDLC) practices. Hands-on experience with threat modeling, secure design reviews, and application security assessments. In-depth understanding of OWASP Top 10 and OWASP API Top 10. Experience using SAST, DAST, SCA, and secrets scanning tools and integrating them in CI/CD. Proficiency in at least one programming language: Java, Python, JavaScript/TypeScript, or Go. Experience securing mobile applications, including offline data and sync workflows. Secure REST and event-driven APIs used by customers, partners, and internal services. Exposure to AI/ML security, responsible AI practices, or model risk management. Strong understanding of cloud platforms (AWS, Azure, or GCP). Strong written and verbal communication skills with the ability to partner effectively with engineering and product teams.

Experience securing Salesforce-based applications (Apex, Lightning, Salesforce security model). Experience integrating security controls into CI/CD pipelines (DevSecOps). Familiarity with container and Kubernetes security. Knowledge of OAuth 2.0, OpenID Connect (OIDC), JWT, and identity/security patterns. Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation, ARM). Experience working in regulated or compliance-driven environments. Familiarity with ISO 27001, SOC 2, NIST, or FedRAMP frameworks. Security certifications such as GWAPT, OSWE, CSSLP, CISSP, or CCSP.