Product Security Engineer
Compa · Denver, CO · 3 days ago
On-siteInformation Technology$185k–$220k/yrFull-time
Responsibilities
- Set the Security Bar
- Perform architecture reviews, threat modeling, and security design reviews across applications, APIs, cloud infrastructure, data pipelines, and AI-enabled systems.
- Develop security standards, reference architectures, and secure design patterns that enable teams to build securely by default.
- Define and continuously improve the Secure Software Development Lifecycle (SDLC), embedding security throughout engineering workflows and release processes.
- Lead security assessments for new products, major features, third-party integrations, and emerging technologies.
- Serve as a trusted technical advisor on security architecture, implementation decisions, and risk tradeoffs.
- Communicate security concepts clearly across audiences — from engineering design reviews to product documentation, trust portal content, and customer diligence conversations.
- Build Leverage Through Tooling and Enablement
- Design and build reusable security patterns, libraries, and developer tooling that scale secure-by-default practices across engineering.
- Implement security automation and guardrails that improve security posture while reducing developer friction.
- Partner with Platform Engineering on cloud security posture, infrastructure hardening, secrets management, workload identity, and security observability.
- Advance AI Security
- Define and operationalize secure patterns for AI-enabled products, agents, MCP servers, tool integrations, and retrieval systems.
- Evaluate emerging AI security risks and translate them into practical architectural guidance, engineering controls, and platform capabilities.
- Partner with developers to improve the safe and scalable use of AI throughout the software development lifecycle, including AI-assisted tools and emerging workflows.
- Build When It Matters
- Prototype and deliver initial production-ready implementations for strategic initiatives, establishing patterns for broader adoption.
- Contribute to security incident response, investigations, and remediation when needed.
Requirements
- 5+ years of Software Engineering experience to include building and shipping production software.
- Strong programming fundamentals in at least one modern language, with aptitude to quickly learn others.
- Experience performing application security reviews, threat modeling, or security design reviews.
- Experience designing, building, or securing cloud-native applications and distributed systems.
- Strong understanding of cloud security, IAM, CI/CD, containers, infrastructure-as-code, and software supply chain security.
- Experience influencing engineering organizations through technical leadership and architectural guidance.
- Strong systems thinking, sound judgment, and the ability to reason about architecture, scale, operational risk, and engineering tradeoffs while operating effectively in ambiguous, fast-moving environments.
- Able to translate security risk into business and engineering terms, and to influence decisions at the leadership level without direct authority.
Qualifications
- Experience securing cloud-native infrastructure in AWS environments.
- Experience designing or implementing enterprise-facing capabilities such as SAML, SCIM, RBAC, audit logging, or customer-facing security controls.
- Experience building security automation, developer tooling, or internal platforms that improved engineering velocity and security outcomes.
- Experience building, operating, or securing AI-enabled products, agents, MCP servers, or retrieval systems.
- Experience building or scaling a Product Security or Security Engineering function in a high-growth technology company.
Skills
- Strong programming fundamentals in at least one modern language.
- Experience performing application security reviews, threat modeling, or security design reviews.
- Experience designing, building, or securing cloud-native applications and distributed systems.
- Strong understanding of cloud security, IAM, CI/CD, containers, infrastructure-as-code, and software supply chain security.
- Experience influencing engineering organizations through technical leadership and architectural guidance.
- Strong systems thinking, sound judgment, and the ability to reason about architecture, scale, operational risk, and engineering tradeoffs while operating effectively in ambiguous, fast-moving environments.
- Able to translate security risk into business and engineering terms, and to influence decisions at the leadership level without direct authority.
Benefits
- Compa is a venture-backed AI startup revolutionizing the future of compensation.
- We have a collaborative, curious, and driven team that values transparency, ownership, and continuous learning.
- We are located in Irvine, California, with growing sites in Denver, Colorado and San Francisco, California.
Pay
- $185K - $220K
Schedule
- Flexible work schedule to accommodate remote work where possible.