Jobs · Information Technology · California

Product Security Engineer

ID.me · San Francisco Bay Area · 3 wk ago
On-siteInformation Technology$168k–$200k/yrFull-time

About the role

ID.me is seeking a Product Security Engineer to join our Product Security organization. This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.

Responsibilities

  • Implement complex security solutions, including Cloud and SaaS security, and service account protections, and Application Security.
  • Build production-ready security automation using Python or Java to scale security operations and reduce manual toil.
  • Execute security projects from requirements through deployment with minimal guidance, delivering high-quality results on time.
  • Troubleshoot complex security issues in production environments, conducting deep technical analysis and implementing fixes quickly.
  • Build and maintain cloud security infrastructure using Terraform.
  • Configure GCP security services such as VPC Service Controls, Private Service Connect, Cloud Armor policies, IAM roles, and Secret Manager.
  • Execute API security assessments by conducting security reviews, identifying vulnerabilities, and implementing remediation.
  • Build security dashboards and reporting to track vulnerability MTTR, security control effectiveness, and false positive rates.

Requirements

  • 5+ years in security and/or software engineering, with focus on implementation and execution.
  • 5+ years of hands-on programming in Python or Java with demonstrated ability to build production-quality security tooling and automation.
  • 3+ years of hands-on GCP experience including GKE, Cloud Run, IAM, Secret Manager, and security services.
  • Container / mesh networks (GKE, Docker, Kubernetes security, image scanning, Binary Authorization, SBOM) proficiency.
  • Infrastructure-as-code proficiency (Terraform preferred) for deploying and maintaining security infrastructure.
  • Troubleshooting expertise with ability to debug complex issues in production cloud environments.

Qualifications

  • Basic Qualifications:
    • 5+ years in security and/or software engineering, with focus on implementation and execution.
    • 5+ years of hands-on programming in Python or Java with demonstrated ability to build production-quality security tooling and automation.
    • 3+ years of hands-on GCP experience including GKE, Cloud Run, IAM, Secret Manager, and security services.
    • Container / mesh networks (GKE, Docker, Kubernetes security, image scanning, Binary Authorization, SBOM) proficiency.
    • Infrastructure-as-code proficiency (Terraform preferred) for deploying and maintaining security infrastructure.
    • Troubleshooting expertise with ability to debug complex issues in production cloud environments.

Preferred Qualifications

  • GCP Professional Cloud Architect or Professional Cloud Security Engineer certification.
  • OSCP or comparable hands-on offensive-security certifications (e.g., OSEP, GXPN, PNPT) demonstrating strong adversarial reasoning and exploit-focused problem-solving capability.
  • Experience with offensive-security methodologies (e.g., understanding attack chains, exploitation fundamentals, or red-team tooling) applied to defensive engineering contexts.
  • Interest in applied security research—such as vulnerability discovery, protocol analysis, or emerging-threat investigation.

Pay

The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role. The pay range for this position is $168,472—$200,000 USD.

Similar jobs

Product Security Engineer

Applied IntuitionSunnyvale, CA· 2 wk ago
Information Technology$133k–$190k/yrapply on jobs.ashbyhq.com

Product Security Engineer

Aras CorporationAndover, MA· 2 wk ago
Information Technology$100k–$125k/yrapply on aras.bamboohr.com