Position Summary:

As a Product Security Engineer, you will partner closely with developers to identify, triage, and drive remediation of security vulnerabilities across our products.

This hands-on role owns vulnerability triage across sources such as customer reports, security researchers, automated scanning tools, and penetration tests, and helps teams assess risk, prioritize fixes, and improve overall security posture.

You will also use AI tools to accelerate analysis, while supporting security reviews, threat modeling, and secure development practices across both the SDLC and emerging AI-assisted development workflows.

Success in this role requires strong attention to detail, curiosity to research new technologies, and effective collaboration with development teams. You will provide clear, actionable security feedback that helps teams improve efficiency and outcomes. You’ll thrive here if you’re proactive, resourceful, and eager to learn, with a focus on enabling teams to build secure, resilient products.

Responsibilities:

Vulnerability Assessment & Remediation
• Review and triage vulnerabilities from multiple sources including customer-reported issues, security researchers, automated scanning tools, and penetration testing results
• Assess severity and potential impact, including CVEs and third-party component risks
• Partner with developers to explain findings in clear terms, identify root causes, and drive timely remediation
• Track and validate fixes
• Developer Collaboration
  • Work closely with engineering teams to integrate security into daily workflows
  • Support developers in understanding secure coding practices and common vulnerability patterns
  • Participate in security reviews and provide actionable feedback
  • Threat Modeling & Security Reviews
    • Assist in threat modeling to identify potential risks early in the design phase
    • Support architecture and design reviews with a security perspective
    • Help ensure security is considered as part of feature development
    • Security in the SDLC/AIDLC
      • Contribute to integrating security into the SDLC and evolving AI-driven development processes (often referred to as AIDLC)
      • Help implement and improve secure development practices in CI/CD pipelines
      • Support adoption of security tools and ensure findings are actionable
      • AI-Assisted Security & Development
        • Use AI tools to improve vulnerability triage and analysis, accelerate security reviews and documentation, and identify patterns to reduce manual effort
        • Collaborate with engineering teams that are adopting AI-assisted development workflows
        • Continuously explore ways to use AI to improve security processes and efficiency

Requirements:

1-4 years of experience in product security, application security, or a related field
Basic understanding of common web and application vulnerabilities (e.g., OWASP Top 10)
Experience or strong interest in vulnerability triage and remediation workflows
Familiarity with at least one of the following:
• Static or dynamic analysis tools
• Software composition analysis (SCA)
• Container or dependency scanning
• Understanding of software development processes and working with developers
• Strong problem-solving and analytical skills
• Effective written and verbal communication skills
• Experience using AI tools to improve workflows or processes
  • Examples may include automating analysis, improving productivity, or enhancing development/security tasks

Preferred Qualifications:

Experience reviewing CVEs or working with vulnerability databases
Exposure to threat modeling or secure design practices
Familiarity with modern development environments (e.g., Git-based workflows, CI/CD)
Exposure to cloud environments (AWS, Azure, or GCP)