Product Security Engineer

Posted 2024-11-19

💎 Seniority level: Senior

📍 Location: United States

💸 Salary: 157250 - 185000 USD per year

🔍 Industry: Healthcare technology

🏢 Company: Cedar

🗣️ Languages: English

🪄 Skills: Software Development

Requirements:
  • You’re an application security engineer who prioritizes addressing security challenges with technology, not process.
  • You have a demonstrated history of enabling software developers with actionable security guidance.
  • You’re comfortable communicating security risks and controls to technical and non-technical partners.
  • You have experience with security code review, threat modeling or security architecture reviews.
  • You can identify vulnerability paths, explain how they could be exploited, and are familiar with options for mitigation.
  • You have a working proficiency with a general-purpose programming language (ideally Python).
Responsibilities:
  • Support services and tools that help product and platform engineers build, deploy, and maintain Cedar products safely and efficiently.
  • Serve as a Security Partner for multiple engineering teams across the SSDLC, evangelizing security and helping threat model features, bake security into designs, and review code and implementations.
  • Contribute to security automation projects, such as static analysis, vulnerability management, and asset inventory.

Related Jobs

📍 United States

🧭 Full-Time

💸 188000 - 230000 USD per year

🔍 Mental health care technology

  • 5+ years of experience in security and/or software engineering roles.
  • Demonstrated history of working on security-related projects.
  • Strong cross-functional experience with team collaboration.
  • Technical depth in building secure platforms and products.
  • Ability to tackle ambiguous problems in a fast-paced environment.
  • Focus on innovation in security and privacy technologies.
  • Results-driven and motivated by the mission to increase access to quality mental health care.

  • Partner with Product and Engineering for secure new product launches.
  • Engage in implementation efforts, security reviews, product design decisions, and auditing vulnerabilities.
  • Develop automated tooling for product security capabilities.
  • Define application guardrails for secure development practices.
  • Assist in ongoing security operations, including incident response and vulnerability management.

AWS, Python, Kafka, TypeScript, FastAPI, Postgres, Product design, Redis, React, Spark

Posted 2024-11-21

📍 USA

💸 212500 - 287500 USD per year

🔍 SaaS Security

🏢 Company: AppOmni

  • Excellent technical and non-technical communication skills.
  • Strong knowledge of cloud security best practices and experience supporting SaaS products.
  • Experience mentoring in security best practices.
  • Hands-on experience reviewing design implementations in Python 3, preferably with Django.
  • Experience with containerized environments and patching requirements.
  • An interest in data security and problem-solving skills.

  • Take ownership of AppOmni’s Secure SDLC.
  • Conduct design and code reviews.
  • Collaborate with Engineering scrum teams as the security champion.
  • Address challenging engineering problems related to security.

Mentoring

Posted 2024-11-09

📍 USA

💸 127500 - 230000 USD per year

🏢 Company: Navan

  • Proven experience performing threat modeling and architecture reviews for complex applications.
  • Experience delivering critical org-wide product security initiatives.
  • Experience performing application, cloud, and mobile penetration testing.
  • 6-8 years of Technical Product Security related experience.
  • Ability to execute in multifaceted technical organizations.
  • Experience with Agile development and cloud environments like AWS.
  • Familiarity with application security testing tools, CI tools, and defect tracking systems.
  • In-depth knowledge of application/network protocols, cryptographic primitives, and security threats.

  • Act as the tech lead for high-priority product security initiatives.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Participate in expanding/maturing the Navan S-SDLC program.
  • Review product designs for security defects, perform threat modeling and recommend remediations.
  • Work with engineers to identify tradeoffs of different solutions.
  • Design and develop security tools and processes for development teams.
  • Assist in developing custom Security as Code solutions.
  • Provide training and guidance to development teams in the SSDLC.

AWS, Docker, Agile, Hibernate, CSS, Java, Javascript, Jenkins, Kubernetes, Spring, JavaScript, Jira, Strategy, Java Spring, Angular, Communication Skills

Posted 2024-10-18

📍 USA

💸 105000 - 190000 USD per year

🏢 Company: Navan

  • Experience performing threat modeling and architecture reviews for complex applications.
  • Proven experience in application, cloud, and mobile penetration testing in high-risk environments like financial or healthcare companies.
  • 2-4 years of Technical Product Security experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
  • Ability to execute in multifaceted and highly technical organizations.
  • Ability to provide pragmatic security advice for web, mobile, and cloud applications.
  • Experience working in Agile development with technologies such as application security testing tools (SAST, DAST, etc.), Infrastructure as code (Terraform, etc.), Java Spring Framework, and Containers (Docker, Kubernetes, etc.).
  • In-depth knowledge of common application & network protocols, cryptographic primitives, and common security threats.
  • Deep knowledge of cloud operational models and secure SaaS architecture in containerized microservices.

  • Identifying security issues within the product.
  • Design and develop security tools and processes to be leveraged by development teams.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated activities.
  • Assist in developing custom Security as Code solutions.
  • Participate in expanding/maturing the Navan S-SDLC program.
  • Review product designs for security defects, perform threat modeling and recommend remediations.
  • Provide training and guidance to development teams early in the SSDLC.
  • Cultivate security ownership in product teams.
  • Bring visibility to product/application vulnerabilities for proper prioritization and remediation.

Docker, Agile, Hibernate, CSS, Java, Javascript, Jenkins, Kubernetes, Spring, JavaScript, Jira, Java Spring, Angular, Communication Skills

Posted 2024-10-18

📍 United States

🏢 Company: Unchained Capital, Inc.

  • 10+ years of experience in product/application security, security architecture, or security engineering roles, including leadership experience.
  • Deep hands-on technical expertise in secure development practices, cloud-native security architectures, threat modeling, and modern application security vulnerabilities and mitigations.
  • Strong experience with authentication protocols, cryptography, secrets management, and other foundational application security concepts.
  • Proven track record of building and scaling effective product security programs and teams.
  • Exhibits strong leadership skills and ability to set technical vision and direction.
  • Strong sense of ownership, urgency, and drive.
  • Analytical mindset with excellent problem-solving skills.
  • Team player with strong collaboration, communication, and influencing skills.
  • Comfortable diving deep into technical details while maintaining strategic perspective.
  • Adaptable and embraces change and continuous learning.

  • Provide strategic technical guidance to the Unchained Information Security team.
  • Establish security architecture standards and promote secure design practices.
  • Conduct in-depth application threat modeling and risk assessments.
  • Develop and enforce secure coding guidelines, static code analysis (SAST), dynamic testing (DAST), and secure build/deploy pipelines.
  • Design and oversee the implementation of robust security controls for authentication, authorization, cryptography, key management, and secrets management.
  • Proactively identify and mitigate OWASP Top 10 and other application security risks.
  • Collaborate with engineering teams to integrate effective security controls and testing into their SDLC.
  • Manage and influence senior-level stakeholder relationships, including security technology, engineering, and operations.
  • Drive innovation and strategic thinking to proactively tackle emerging security challenges at the company's scale.

Leadership, Software Development, Blockchain, Cloud Computing, Cybersecurity, OAuth, Software Architecture, Cross-functional Team Leadership, Strategy, Communication Skills, Analytical Skills, Collaboration

Posted 2024-09-20

📍 United States

🧭 Full-Time

💸 150000 - 200000 USD per year

🔍 Financial Technology

  • Deep understanding of web application architecture and design principles.
  • Experience with modern software development techniques for cloud-based services; preferred languages include Python, Kotlin, Java, as well as AWS and Azure.
  • Knowledge of common security flaws as per OWASP and SANS.
  • Experience with PCI or other regulated environments.
  • Experience in threat modeling for complex distributed products.
  • Familiarity with standard authentication mechanisms like SAML and OAuth2.
  • Understanding of continuous integration and deployment processes and tools.
  • BS or equivalent in a related field; MS or equivalent preferred.

  • Partner with Affirm product teams to ensure security in all phases of product development.
  • Conduct threat modeling and architecture reviews to mitigate understood threats.
  • Review product source code for vulnerabilities and recommend secure implementations.
  • Identify opportunities for automation in processes.
  • Detect and develop solutions for emerging classes of vulnerabilities.
  • Assist teams in security-focused test cases to meet security requirements.
  • Advise on business security requirements early in product development.
  • Decompose projects into tasks, manage scope, and drive project closure.

AWS, Python, Software Development, Java, Kotlin, Product Development, Azure

Posted 2024-07-27

📍 USA

🧭 Full-Time

💸 232000 - 310000 USD per year

🔍 Financial Technology

  • 10+ years of experience architecting CIAM solutions and authentication/authorization protocols, including OAuth, OIDC, SAML, and LDAP.
  • Experience designing and building distributed systems and applications, real-time scalable web services, REST APIs, and developer portals.
  • Proven track record of launching CIAM programs with complex use cases.
  • Experience integrating Identity COTS products, like Auth0, AWS Cognito, and Okta.
  • Experience with mobile app security architecture and design (iOS & Google).
  • Hands-on development experience with Python, Swift, and Kotlin.

  • Own and drive the CIAM roadmap for external identities.
  • Perform threat modeling and security architecture reviews for identity product features.
  • Provide technical leadership and mentorship on identity standards and security best practices.
  • Participate in the strategic development of identity-related projects.
  • Design authentication and authorization solutions with product teams.
  • Collaborate with engineering teams to enhance authentication platforms.
  • Develop security-focused test cases and perform code reviews.

AWS, Leadership, Python, Kotlin, LDAP, OAuth, Swift, Strategy

Posted 2024-07-11