Product Security Engineer

Posted 10 days agoViewed

💎 Seniority level: Middle, 2-3 years

📍 Location: United States, Brazil, Tel Aviv

🔍 Industry: Cybersecurity

🗣️ Languages: English, Hebrew

⏳ Experience: 2-3 years

🪄 Skills: AWSDockerPythonGCPJavascriptKubernetesCI/CDTerraform

2-3 years of experience in application security focused on web applications and APIs.
Hands-on experience as a software engineer with proficiency in Python, JavaScript, or similar.
Strong knowledge of application security principles, including OWASP Top Ten.
Familiarity with security tools such as SAST, DAST, and SCA integrated into CI/CD pipelines.
Experience with vulnerability management practices.
Experience with cloud environments (AWS, GCP) and modern DevOps tools (Terraform, Docker, Kubernetes).
Excellent English and Hebrew communication skills.
Strong sense of ownership and ability to work independently or collaboratively.

Implement and maintain security tools (e.g., SAST, DAST, SCA) as part of the SDLC.
Conduct vulnerability management activities including monitoring and coordinating remediation with development teams.
Stay updated with the latest application security threats and improve Axonius' security practices.
Develop and maintain security automation scripts.
Assist in coordinating external penetration testing engagements.
Collaborate with R&D teams and external partners to strengthen product security.
Support initiatives like bug bounty programs and internal testing.

Posted about 1 month ago

📍 USA

💸 150000.0 - 265000.0 USD per year

🔍 Product security

🏢 Company: Navan👥 1001-5000💰 $400,000,000 Debt Financing about 2 years ago🫂 Last layoff about 1 year agoFinancial Services Payments Software Business Travel

Proven experience in threat modeling and architecture reviews.
Experience delivering critical org-wide product security initiatives.
Application, cloud, and mobile penetration testing experience.
8-10 years of experience in Technical Product Security and SSDLC tooling.
Ability to provide pragmatic security advice for web and mobile applications.
Experience in Agile development and cloud environments such as AWS.
Familiarity with application security testing tools and Continuous Integration processes.
Knowledge of security protocols, threats, and secure SaaS architecture.

Act as the tech lead for high-priority product security initiatives.
Ensure timely delivery of impactful initiatives.
Advise strategy and roadmap for the Product Security Program.
Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements.
Review product designs for security defects and conduct threat modeling.
Work with engineers to recommend ideal security designs.
Develop security tools and processes for development teams.
Provide training and guidance to development teams during the SSDLC.
Bring visibility to product vulnerabilities for prioritization and remediation.

AWSDockerGitHibernateCSSJavascriptJenkinsKubernetesJava SpringAngularTerraform

Posted about 1 month ago

🔧 Requirements