Product Security Engineer

Posted about 2 months agoViewed

View full description

💎 Seniority level: Senior, 5+ years

📍 Location: United States

🔍 Industry: Technology

🏢 Company: ButterflyMX👥 251-500💰 $50,000,000 Series D over 3 years agoSmart Home Security Real Estate Software

🗣️ Languages: English

⏳ Experience: 5+ years

🪄 Skills: AWSAWS EKSCybersecurityIoTCI/CDTerraform

Requirements:

5+ years of security engineering experience building, managing & scaling security operations in a cloud native startup.
Experience securing a tech stack that includes SaaS, Mobile, & IoT.
Proficiency in deploying security solutions in remote-first organizations with a cloud tech stack for SaaS.
AWS Security SME knowledge of securing EC2, S3, Lambda, EKS.
Experience with AWS Security Stack: WAF, Inspector, Security Hub, GuardDuty.
Knowledge of security overlay solutions: EDR, SIEM, CNAPP/CSPM, DSPM, DLP, IDS/IPS.
Extensive experience across multiple security domains: cloud security, data security, incident management, etc.
Experience maintaining SOC 2 Type II compliance and implementing data privacy controls.
Expertise in DevSecOps practices, including automating security testing in CI/CD pipelines.
Incident response management experience and ability to educate on application security vulnerabilities.
Continuous improvement mindset and inclination to engage in hands-on work.

Responsibilities:

Design, implement, mature & maintain robust security controls & processes across our technology stack to protect sensitive data & systems.
Lead vulnerability management & remediation efforts to improve the security posture & resiliency of ButterflyMX.
Extend detection & response capabilities, triaging alerts, investigating, and remediating incidents.
Drive security incident response efforts including containment, investigation, recovery, and lessons learned.
Ensure compliance with industry standards & best practices such as SOC2, ISO, NIST, GDPR, CCPA.
Evaluate & implement new security technologies to enhance security posture.
Collaborate with teams to integrate security into the product development lifecycle.
Stay updated with security threats and trends.
Develop & conduct regular security awareness training for employees.
Serve as a point of contact for security-related inquiries.

Apply

Related Jobs

Apply

🔥 Senior Product Security Engineer

Posted about 6 hours ago

📍 United States of America

🧭 Full-Time

💸 131420.0 - 216870.0 USD per year

🔍 Software Development

🔧 Requirements

Experienced knowledge and understanding of Linux Operating System
Proficiency in common programming languages like C/C++, Python, Java, Go
Familiarity with Source Code Management tools like Git
Strong understanding of security vulnerabilities including the confidentiality, integrity, and availability triad
Significant experience in security technologies and methodologies like authentication and authorization, encryption, and risk assessments
Ability to work on your own in a fast-paced environment with a multicultural team distributed across multiple countries and time zones
Outstanding written and verbal communication skills in English

💡 Responsibilities

Respond to security vulnerabilities, weaknesses and incidents, within the Red Hat portfolio of Products and Services.
Contribute to customer facing security documentation, reference, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.
Research the impact of new flaws affecting Red Hat's offerings and communicate risk to stakeholders with different technical understanding, like senior leadership, engineers, architects, etc.
Coordinate with key stakeholders internally and externally, as appropriate, ensuring an effective management of the vulnerabilities and the security incidents
Provide technical leadership, mentor junior engineers, and drive collaboration to deliver high-impact solutions while fostering a culture of innovation and excellence.
Contribute in the industry coordination working groups to shape the industry wide vulnerability disclosure and coordination standards as well as to adopt and implement those standards within the organization

DockerPythonCybersecurityGitJavaKubernetesGoRESTful APIsLinuxRisk Management

Posted about 6 hours ago

Apply

🔥 Senior Product Security Engineer

Posted 12 days ago

📍 US

🧭 Full-Time

💸 198050.0 - 233000.0 USD per year

🔍 Software Development

🔧 Requirements

5+ years experience in security and/or software engineering roles with a demonstrated history of working on security-related projects or with responsibilities as a security generalist.
Strong cross-functional experience
Strong technical depth and breadth
You are excited to perform security design and code reviews.
You want to understand security systems and improve their efficiency and scalability.
You love tackling ambiguous problems in a fast-paced environment with an optimistic and energizing attitude.
You seek opportunities to lead the industry in implementing the latest security and privacy technologies.
You care deeply about creating impact and driving results for Headway’s business.
You are motivated by Headway’s mission, increasing access to high quality mental health care.

💡 Responsibilities

Participating in the implementation efforts
Doing security reviews
Helping with product design decisions
Auditing and surfacing vulnerabilities in our current products
Further enhance our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy.
Work on defining and building application guardrails so that developers can build securely by default. You also will work to instill a culture of secure development across engineering.
You will be part of the security and privacy team and have responsibilities to assist in incident response, vulnerability management, penetration testing, security reviews, and other operational tasks to ensure that our security program is operating at a world-class level.

AWSPythonCloud ComputingCybersecurityKafkaTypeScriptFastAPIPostgresRedisReactSparkCI/CD

Posted 12 days ago

Apply

🔥 Product Security Engineer II - Partnerships

Posted about 1 month ago

📍 United States

🧭 Full-Time

💸 145200.0 - 205000.0 USD per year

🔍 Software Development

🏢 Company: HashiCorp👥 1001-5000💰 Secondary Market about 4 years ago🫂 Last layoff almost 2 years agoPrivate Cloud DevOps Information Technology Cyber Security Software Cloud Infrastructure

🔧 Requirements

Experience in some of these topic areas: Secure development practices, and integration into broader engineering activities.
Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
Security design / architecture and threat modeling.
Application and infrastructure security testing methodologies and tools.
Vulnerabilities (old and new), and options for defense / mitigation.
Product vulnerability management lifecycle.
Working with and/or supporting product engineering teams
Cryptography and cryptographic primitives

💡 Responsibilities

Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.
Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.
Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)
Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure.
Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
Contribute to the creation and delivery of security training.
Research emerging attack vectors and techniques.

AWSCloud ComputingCybersecurityGCPGoCI/CDLinuxDevOps

Posted about 1 month ago

Apply

🔥 Product Security Engineer

Posted 2 months ago

📍 New York Area, San Francisco Area, Washington State, Los Angeles, CA, Washington, DC, Seattle, WA

💸 134100.0 - 225000.0 USD per year

🔍 Database management systems

🏢 Company: ClickHouse👥 101-250💰 Series B over 2 years agoDatabase Artificial Intelligence (AI)Big Data Analytics Software

🔧 Requirements

Experience supporting engineering and product implementation efforts through threat assessments and assurance activities.
Strong knowledge and experience with cloud service providers (AWS, GCP, Azure), Kubernetes, and related technologies.
Experience operating engineering security tools and processes including code analysis and fuzzing tools.
Significant development and automation experience, preferably with C++.
Security as code mindset to solve problems with automation and scale.

💡 Responsibilities

Collaborate with engineering and product on improving existing and building new product features focused on threat modeling, assurance, and secure implementation.
Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, and manage vulnerabilities reported through various channels.
Improve and develop security assurance activities such as pentests and bug bounty programs.
Drive implementation and usage of engineering security tools including static and dynamic code analysis.
Nurture relationships between engineering and security and implement process and technology improvements.
Handle information security events and incidents and develop processes and automation to scale security.

AWSGCPKubernetesC++Azure

Posted 2 months ago

Apply