Staff Product Security Engineer

Cherry Technologies, Inc.
FinTech, Healthcare
Remote (US), Full-Time, Staff
Salary not disclosed

Job Details

Experience
5+ years
Required Skills
AWS, CI/CD

Requirements

  • 5+ years of experience in product security, application security, or a related security engineering role.
  • Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management.
  • Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code.
  • Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation.
  • Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines.
  • Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders.
  • Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment.

Responsibilities

  • Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform.
  • Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes.
  • Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products.
  • Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security.
  • Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks.
  • Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities.
  • Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection.
  • Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence.
  • Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization.
  • Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.