Job Details
Overview: Serve as a senior security engineering resource supporting multiple product and development teams. Lead application and platform security assessments for new features, services, and emerging technologies, including AI-driven solutions. Conduct security testing and vulnerability validation activities, collaborate with engineering teams to remediate findings, and contribute code-based security improvements where appropriate. Manage external vulnerability reporting processes and coordinate risk management, compliance, and audit-related initiatives across the software development organization. Support incident response efforts and participate in an on-call rotation for security events affecting production environments.
Responsibilities:
- Lead Product Security across our SaaS offerings, partnering with product and platform engineering teams on design, code, and remediation
- Own Unified Security Review process for new product launches, vendor evaluations, and AI tooling — including custom penetration tests scoped to each review
- Drive the Security Engineering Risk Management Framework for consistent risk classification and remediation tracking across product
- Lead the Vulnerability Disclosure Program and security bug reporting workflow, from researcher intake through fix
- Drive SOC2 and compliance-related security remediation across product engineering, partnering with R&D leads on architectural fixes
- Provide security review and guardrails for internal AI platforms and coding agents (LLM gateways, prompt/response controls, agent permissioning)
- Participate in a shared on-call rotation for high-severity production security incidents
Qualifications:
- 8+ years of application security engineering experience
- Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go — enough to perform deep code review, write proof-of-concept exploits, and contribute fixes directly into product repos
- Building security automation into CI/CD pipelines
- Hands-on penetration testing of production SaaS applications, including custom tests scoped to new product launches
- Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
- Identifying and remediating common web application vulnerabilities (OWASP Top 10)
- Experience securing internal AI/LLM platforms and coding agents (model gateways, prompt/response controls, agent permissioning)
- Experience in Web3, Blockchain or Digital Assets (nice to have, not required)
- Experience building AI workflows, agents, and guardrailing (nice to have, not required)
Tech Stack:
- Cloud and containers: AWS, GCP, Kubernetes (EKS/GKE)
- Infrastructure-as-Code: Terraform
- Security tooling: Wiz, SonarCloud, Burp, Cloudflare
- CI/CD and source control: GitHub, GitHub Actions, Artifactory and related build/deploy tooling
- Languages and scripting: Java, JavaScript, Python, Go
- AI Coding Agents, Tooling, Systems