Skip to content
GreenlightGreenlightAtlanta, GA

Senior Staff Product Security Engineer

Leads product security strategy, embeds security into SDLC across web, mobile, and cloud platforms, and drives secure development programs. Requires 12+ years in application security with expertise in AppSec tools, cloud architecture, and regulated industries.

Salary not listed
Remote12+ YOESecurity Engineering

About the role

Responsibilities

  • Define and lead the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements.
  • Serve as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership.
  • Drive a company-wide culture of security ownership embedding security thinking deeply into the habits of every engineering team.
  • Architect and continuously evolve a best-in-class Product Security program, spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security.
  • Lead the design and enforcement of secure development standards across web, mobile, and cloud including secure coding guidelines, IaC policies, and API security frameworks.
  • Identify and drive resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform.
  • Lead and mature Greenlight's penetration testing program, both through internal efforts and external vendor partnerships.
  • Partner with engineering and platform teams to build security-enhancing product features that protect our customers' financial data.
  • Establish and lead incident response processes for product-level security events, including root cause analysis and systemic remediation.
  • Evaluate and introduce emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape.
  • Mentor staff and senior engineers across the security and engineering organizations, raising the overall security engineering capability of the company.

Requirements

  • 12+ years of experience in product security, application security, or a related engineering discipline.
  • Proven track record of defining and driving security programs at scale across complex, multi-platform environments.
  • Hands-on experience architecting and implementing security solutions and processes in production environments, enabling engineering teams to build and ship securely at scale.
  • Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and mobile threat vectors (iOS and Android).
  • Deep hands-on experience with the full AppSec toolchain: SAST, DAST, IAST, SCA, secrets scanning, and runtime protection.
  • Strong command of cloud security architecture and controls, particularly in AWS environments.
  • Experience leading or heavily influencing the security architecture of distributed, microservices-based systems.
  • Experience in developing and implementing security solutions.
  • Demonstrated ability to build strong cross-functional relationships and influence engineering culture without direct authority.
  • Exceptional communication skills — you can distill complex security risk into clear, actionable language for engineers, executives, and non-technical stakeholders alike.
  • Experience operating in regulated industries (e.g. financial services, fintech, healthcare).

Nice-to-Haves

  • Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent — and/or public code/research.
  • Experience building or scaling Product Security programs in high-growth startup environments.
  • Familiarity with security tools including Burp Suite, or Kali Linux.

Technologies

Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI AWS, GCP MySQL, DynamoDB, Redis Kubernetes, Ambassador, Helm, Rancher

Benefits

  • Medical, dental, vision, and HSA match
  • Paid life insurance, AD&D, and disability benefits
  • Traditional 401k with company match
  • Unlimited PTO
  • Paid company holidays and pop-up bonus holidays
  • Professional development stipends
  • Mental health resources
  • 1:1 financial planners
  • Fertility healthcare
  • 100% paid parental and caregiving leave, plus cleaning service and meals during your leave

Skills

Node.jsJavaKotlinReactReduxSwiftSwiftUIAWSGCPKubernetesMySQLDynamoDBRedisSASTDAST
Zocdoc

Senior Staff Security Engineer, Vulnerability Management

ZocdocUnited States

Senior Staff Security Engineer owning the roadmap for an AI-driven vulnerability scanning, triage, and automated remediation platform. Requires 8+ years in security engineering with deep cloud/container expertise, offensive security experience, and proficiency in Python/Go/Rust.

200k – 290k/yr
Remote8+ YOESecurity Engineering
Plaid

Staff Software Engineer

PlaidNew York, NY +2

Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.

222k – 328k/yr
Hybrid7+ YOESecurity Engineering
Anthropic

Staff+ Application Security Engineer

AnthropicSan Francisco, CA +2

Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.

320k – 485k/yr
Hybrid7+ YOESecurity Engineering
Confluent

Staff Security Risk & Compliance Program Manager

ConfluentTexas

Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.

222k – 261k/yr
Remote8+ YOESecurity Engineering
Abridge

Senior/Staff Infrastructure Security Engineer

AbridgeSan Francisco, CA +1

Senior/Staff Infrastructure Security Engineer building self-service security platforms, automating DevSecOps workflows, and designing high-scale security data pipelines and IaC guardrails in a greenfield cloud-native environment at an AI healthcare company. Requires 8+ years software engineering experience with deep cloud and IaC expertise.

214k – 252k/yr
Remote8+ YOESecurity Engineering