Senior Product Security Engineer
New
C
Cherry Technologies, Inc.FinTech, Healthcare
Remote (US)Full-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 4+ years
- Required Skills
- AWS
Requirements
- 4+ years of experience in product security, application security, or a related security engineering role
- Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management
- Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code
- Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation
- Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines
- Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders
- Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment
Responsibilities
- Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform
- Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes
- Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products
- Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security
- Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks
- Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities
- Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection
- Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence
- Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization
- Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products
View Full Description & ApplyYou'll be redirected to the employer's site
