About the job: Product Security Engineer

As a Remote Product Security Engineer, you will be responsible for integrating security into the design, development, and deployment of the company's products and services. You will work closely with software engineers, product managers, DevOps, and security teams to identify and mitigate risks throughout the product lifecycle, ensuring that security is embedded into every stage of development without hindering innovation or speed.

You will play a critical role in threat modeling, secure coding reviews, vulnerability management, and security tooling. Your mission is to proactively identify weaknesses, educate engineering teams on best practices, and deliver scalable solutions that protect both the organization and its users from ever-evolving cyber threats.

This role is ideal for a security-minded technologist who enjoys working in agile, collaborative environments and has a deep understanding of application security, cloud infrastructure, and secure development methodologies.

Key Responsibilities:

Perform security assessments of product designs, codebases, APIs, and deployment pipelines

Collaborate with product and engineering teams to define secure architecture patterns and development best practices

Conduct and support threat modeling exercises (e.g., STRIDE, PASTA) for new and existing features

Perform secure code reviews and provide actionable feedback to development teams

Integrate and manage security tools for SAST, DAST, SCA, and container security (e.g., Veracode, SonarQube, Checkmarx, Snyk)

Lead or support incident response related to product vulnerabilities or security issues

Monitor, triage, and help remediate findings from bug bounty programs or penetration testing

Collaborate with DevOps teams to enforce security in CI/CD pipelines (e.g., GitHub Actions, GitLab, Jenkins)

Provide internal security training and guidance to engineers and product stakeholders

Stay current with industry trends, threats, and best practices in product and application security

Required Qualifications:

Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)

2 years of experience in product security, application security, or secure software engineering

Solid understanding of secure development practices and common vulnerabilities (OWASP Top 10, CWE/SANS Top 25)

Familiarity with software security tools and techniques (e.g., static/dynamic analysis, dependency scanning, fuzzing)

Experience with secure SDLC methodologies and DevSecOps integration

Proficiency in one or more programming languages (e.g., Python, JavaScript, Java, Go, C++)

Strong interpersonal and communication skills for interfacing with both technical and non-technical teams