Senior Product Security Analyst
Workable locations: United States, Canada, United Kingdom time zones
Full-Time
Senior
Salary not disclosed
Job Details
- Languages: English
- Experience: 5+ years of experience
- Required Skills: AWS, Agile, RESTful APIs, Microservices
Requirements
- 5+ years of experience in application security, product security, or a closely related domain.
- Strong practical understanding of secure SDLC, application security principles (e.g., OWASP Top 10), threat modeling, vulnerability management, and security risk assessment.
- Demonstrated experience owning end-to-end security reviews for applications or products, including release decision support.
- Hands-on familiarity with application security testing approaches (SAST, DAST, SCA), with the ability to interpret findings and assess real-world risk.
- Experience working with cloud-native SaaS environments, preferably AWS, including API-driven and microservice-based architectures.
- Working knowledge of PCI DSS and GDPR, with experience translating security and compliance requirements into engineering practices.
- Ability to apply independent technical and risk judgment, including challenging assumptions and driving remediation.
- Strong communication skills, capable of engaging both engineers and business stakeholders.
- Experience working in agile or iterative development environments.
- Strong verbal and written communication skills in English.
- Willingness to collaborate across distributed teams and time zones with reasonable flexibility.
Responsibilities
- Act as the primary application and product security partner for assigned products and services, owning end-to-end security reviews from design through release.
- Lead application-focused security assessments, including architecture reviews, threat modeling, and secure design validation for APIs, microservices, and SaaS platforms.
- Independently assess security risk and approve, delay, or block releases when required, escalating decisions where business urgency or customer commitments necessitate alignment.
- Provide authoritative, risk-based guidance to engineering teams, helping them understand not just what needs to be fixed, but also the security and risk context.
- Own vulnerability triage and prioritization for assigned products, ensuring findings are contextualized based on exploitability, exposure, and business impact.
- Interpret results from application security testing activities (SAST, DAST, SCA, manual reviews), translating technical findings into actionable remediation guidance.
- Monitor relevant external threats, attack techniques, and vulnerability trends, proactively assessing applicability to products and platforms.
- Support investigation and remediation of product- and application-related security incidents.
- Partner with engineering, platform, and cloud teams to embed secure-by-design practices into the SDLC, with a strong emphasis on application-layer controls.
- Apply hands-on technical judgment to validate engineering assumptions, challenge risk decisions, and ensure security controls are implemented effectively.