HireClout
Our client builds solutions for a cutting-edge, high-scale IoT platform serving hundreds of thousands (soon to be millions) of users.
What You Will Be Doing
- Develop and expand security assessments, red teaming, application security, and product security initiatives.
- Lead internal and external penetration testing, utilizing both manual and automated techniques; perform code reviews and collaborate with developers and DevOps to address vulnerabilities.
- Advance and oversee threat modeling, vulnerability management, and risk mitigation strategies, focusing on preventative security architecture.
- Ensure security measures align with compliance standards and frameworks (e.g., SOC 2, ISO 27001, NIST, CIS, GDPR, CCPA).
- Evaluate, select, and implement cutting-edge security tools and technologies to strengthen defenses.
- Partner with engineering and product teams to embed security and privacy into development workflows.
- Stay informed on emerging threats, tools, and best practices to proactively enhance protections.
- Design and deliver employee security training and awareness programs.
- Serve as a security liaison for customer and partner engagements.
- Champion a company-wide culture of security ownership and vigilance.
What You Will Need
- 5+ years of hands-on security engineering experience building, scaling, and managing security operations in fast-moving, cloud-native, tech-driven startup environments.
- Background in securing SaaS, managed services, mobile applications, and IoT ecosystems.
- Skilled at collaborating cross-functionally to assess and mitigate security, compliance, and data privacy risks.
- Expertise in penetration testing, application security audits, and secure code review within AWS-based SaaS architectures.
- Proficient in creating and refining threat models with engineering teams to strengthen application resilience.
- Deep knowledge of DevSecOps practices, including security automation within CI/CD pipelines, static and dynamic code analysis, and vulnerability remediation.
- Strong track record of automating security controls, leveraging Terraform and infrastructure-as-code tools, and managing vulnerabilities in dynamic cloud environments.
- Broad experience across security domains: cloud, network, application, data protection, incident response, vulnerability management, patch management, configuration management, and IAM.
- Solid grasp of security frameworks and compliance standards, with a proven ability to scale controls from startup to enterprise maturity (SOC 2 Type II, GDPR, CCPA).
- Skilled in deploying technical privacy safeguards and facilitating compliance with global data privacy regulations.
- Experienced in developing and leading incident response plans, investigations, and security incident management.
- Ability to educate engineers on security risks such as OWASP Top 10 and API vulnerabilities, applying a risk-driven, data-informed approach to prioritize efforts.
- Advocate of Security & Privacy by Design principles; embeds threat modeling early in the development lifecycle.
- Highly customer-centric and solution-oriented, with strong adaptability, proactive problem-solving, and a trusted advisor mindset.
- Deep attention to technical detail and a hands-on, action-oriented approach to security challenges.
- Committed to continuous learning, staying current with evolving threats, trends, and technologies.
- Industry-certified (AWS Security Certified, CISSP, CCSP, CSSLP, GXPEN, OSCP, SANS, Security+, CEH, CIPP, CIPT).
- Practical experience using AI tools to drive efficiencies in both security initiatives and day-to-day operations.
Why Us
Benefits and Perks:
- Competitive Salary: $155,000 – $165,000 per year
- Full Health, Vision, and Dental Coverage
- Retirement Plan
Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position does not offer sponsorship.
REF: JOB-4478