# Senior Staff Product Security Engineer

**Company:** [Greenlight](https://hotfix.jobs/companies/greenlight)
**Location:** Remote
**Role:** Security Engineering
**Experience:** 12+ years
**Skills:** Node.js, Java, Kotlin, React, Redux, Swift, SwiftUI, AWS, GCP, Kubernetes, MySQL, DynamoDB, Redis, SAST, DAST
**Posted:** 2026-05-05

> Leads product security strategy, embeds security into SDLC across web, mobile, and cloud platforms, and drives secure development programs. Requires 12+ years in application security with expertise in AppSec tools, cloud architecture, and regulated industries.

## Job Description

## Responsibilities

- Define and lead the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements.
- Serve as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership.
- Drive a company-wide culture of security ownership embedding security thinking deeply into the habits of every engineering team.
- Architect and continuously evolve a best-in-class Product Security program, spanning threat modeling, **SAST**, **DAST**, **IAST**, **SCA**, runtime protection, and API security.
- Lead the design and enforcement of secure development standards across web, mobile, and cloud including secure coding guidelines, **IaC** policies, and API security frameworks.
- Identify and drive resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform.
- Lead and mature Greenlight's penetration testing program, both through internal efforts and external vendor partnerships.
- Partner with engineering and platform teams to build security-enhancing product features that protect our customers' financial data.
- Establish and lead incident response processes for product-level security events, including root cause analysis and systemic remediation.
- Evaluate and introduce emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape.
- Mentor staff and senior engineers across the security and engineering organizations, raising the overall security engineering capability of the company.

## Requirements

- **12+ years** of experience in product security, application security, or a related engineering discipline.
- Proven track record of defining and driving security programs at scale across complex, multi-platform environments.
- Hands-on experience architecting and implementing security solutions and processes in production environments, enabling engineering teams to build and ship securely at scale.
- Expert-level knowledge of web and mobile application security, including **OWASP Top 10**, API security, and mobile threat vectors (iOS and Android).
- Deep hands-on experience with the full **AppSec** toolchain: **SAST**, **DAST**, **IAST**, **SCA**, secrets scanning, and runtime protection.
- Strong command of cloud security architecture and controls, particularly in **AWS** environments.
- Experience leading or heavily influencing the security architecture of distributed, microservices-based systems.
- Experience in developing and implementing security solutions.
- Demonstrated ability to build strong cross-functional relationships and influence engineering culture without direct authority.
- Exceptional communication skills — you can distill complex security risk into clear, actionable language for engineers, executives, and non-technical stakeholders alike.
- Experience operating in regulated industries (e.g. financial services, fintech, healthcare).

## Nice-to-Haves

- Hands-on certifications such as **OSCP**, **GWAPT**, **GPEN**, **CISSP**, or equivalent — and/or public code/research.
- Experience building or scaling Product Security programs in high-growth startup environments.
- Familiarity with security tools including **Burp Suite**, or **Kali Linux**.

## Technologies

**Node.js**, **Java/Kotlin**, **React**, **Redux**, **Swift**, **SwiftUI**
**AWS**, **GCP**
**MySQL**, **DynamoDB**, **Redis**
**Kubernetes**, **Ambassador**, **Helm**, **Rancher**

## Benefits

- Medical, dental, vision, and HSA match
- Paid life insurance, AD&D, and disability benefits
- Traditional 401k with company match
- Unlimited PTO
- Paid company holidays and pop-up bonus holidays
- Professional development stipends
- Mental health resources
- 1:1 financial planners
- Fertility healthcare
- 100% paid parental and caregiving leave, plus cleaning service and meals during your leave

## Similar roles

- [Senior Staff Security Engineer, Vulnerability Management](https://hotfix.jobs/jobs/48bab836-a257-4a63-898d-d884ea8db229) - Zocdoc - Remote - $200k – $290k/yr
- [Staff Software Engineer](https://hotfix.jobs/jobs/bda1fbe8-25da-4d58-8699-ce547f7bdf6e) - Plaid - New York, NY - $222k – $328k/yr
- [Staff+ Application Security Engineer](https://hotfix.jobs/jobs/176eddbe-ab46-4c6b-b459-b97404661b42) - Anthropic - San Francisco, CA - $320k – $485k/yr
- [Staff Security Risk & Compliance Program Manager](https://hotfix.jobs/jobs/69a879b7-e372-4ca2-a954-f0c78526aa69) - Confluent - Remote - $222k – $261k/yr
- [Senior/Staff Infrastructure Security Engineer](https://hotfix.jobs/jobs/b10a4e47-d210-46ca-8e32-a9d8992f41f8) - Abridge - Remote - $214k – $252k/yr

**Apply:** https://hotfix.jobs/jobs/1f0b0d6a-1120-478b-b75f-8f809c0a1ec0
**Canonical:** https://hotfix.jobs/jobs/1f0b0d6a-1120-478b-b75f-8f809c0a1ec0