Jobs · Information Technology · California

Senior Product Security Engineer

World · San Francisco, CA · 3 wk ago
On-siteInformation Technology$221k–$250k/yrFull-time

About The Opportunity

You will be "In the Driver's Seat," proactively embedding security into every stage of the development lifecycle.

Your work will directly protect our users and ensure the integrity of a protocol designed for the majority of humanity.

  • Lead secure architecture reviews and threat modeling sessions for new application and cloud services.
  • Engineer and implement automated security guardrails and reusable libraries to make the secure path the easy path for developers.
  • Own the vulnerability management process, from triaging bug bounty submissions to driving remediation efforts with engineering teams.
  • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing engineering organization.

About You

  • You are a pragmatic and deeply technical security engineer who thrives on solving complex problems.
  • You have a builder's mindset and are passionate about shipping secure products with "Extreme Urgency."
  • You are comfortable with ambiguity and are driven by the opportunity to secure systems with world-changing potential.
  • You have 6+ years of hands-on experience in Product Security, Application Security, or Cloud Security.
  • You are proficient in code review and development in languages like Rust, Go, and Python.
  • You have extensive experience securing modern AWS architectures and developing secure infrastructure-as-code (e.g., Terraform and CDK).
  • You are an expert in leading threat modeling sessions and providing actionable guidance to engineering teams.
  • You have a strong background in implementing and managing security tooling (SAST, DAST, SCA) and embedding security into CI/CD pipelines.
  • You have a deep understanding of web and API security principles (OWASP Top 10) and have experience securing distributed, mobile-first systems.
  • Nice to have: Experience scaling a security champions program, expertise in Kubernetes (EKS) and container security or a particular interest in securing mobile applications or smart contracts.

Similar jobs