Lead end-to-end product security for consumer products, digital platform, and hardware devices. Drive threat modeling, penetration testing, PSIRT operations, and AI security guardrails in a regulated financial services environment.
Salary not listed
Remote10+ YOESecurity Engineering
About the role
Responsibilities
Lead security architecture/design review and threat modeling sessions with product and engineering teams using STRIDE, PASTA and attack tree methodologies
Translate threats into actionable, risk-rated engineering remediations prioritized by severity
Conduct hands-on penetration testing and security assessments across the full product stack producing actionable reports for engineering and leadership
Red-team AI powered products and development tools to test for prompt injection, data exfiltration, MCP server exploitation, and tool misuse
Drive PSIRT Operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers and on-call incidents
Shape the posture of AI assisted development environment defining and enforcing enterprise policies for Claude and Cursor
Partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers and collaborating with the AI team on securing ML pipelines
Champion Security Culture by running developer training on secure coding with AI assistants, evangelizing security by design for products
Requirements
10+ years of product security experience spanning application security, cloud security, and secure SDLC
Expert level Threat Modeling using STRIDE, PASTA or equivalent across web, mobile, cloud, embedded and AI systems
Hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware
PSIRT operational experience from vulnerability intake and triage; fluent in CVE, CVSS, FIRST PSIRT frameworks
Deep hands-on AI security expertise and expert level understanding of OWASP Top 10 for LLM, API, Web, Mobile and practical experience with MITRE
Strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor
Strong programming ability and capability to review code, build security tools, automate workflows
Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications
Strong knowledge of programming languages & frameworks (Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (AWS, GCP, Kubernetes, Ambassador, Helm), and databases (MySQL, DynamoDB, Redis)
Ability to influence without authority, mentor without managing, and communicate complex risks
Nice-to-Haves
Hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience
Experience in the Financial industry, knowledge of PCI DSS, COPPA or demonstrated ability to learn regulated domains quickly
Compensation & Benefits
Medical, dental, vision, and HSA match
Paid life insurance, AD&D, and disability benefits
Traditional 401k with company match
Unlimited PTO
Paid company holidays and pop-up bonus holidays
Professional development stipends
Mental health resources
1:1 financial planners
Fertility healthcare
100% paid parental and caregiving leave, plus cleaning service and meals during your leave
Flexible WFH, both remote and in-office opportunities
Senior Staff Security Engineer owning the roadmap for an AI-driven vulnerability scanning, triage, and automated remediation platform. Requires 8+ years in security engineering with deep cloud/container expertise, offensive security experience, and proficiency in Python/Go/Rust.
200k – 290k
Remote8+ YOESecurity Engineering
Staff Software Engineer
PlaidNew York, NY +2
Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.
222k – 328k
Hybrid7+ YOESecurity Engineering
Staff+ Application Security Engineer
AnthropicSan Francisco, CA +2
Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.
320k – 485k
Hybrid7+ YOESecurity Engineering
Staff Security Risk & Compliance Program Manager
ConfluentTexas
Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.
222k – 261k
Remote8+ YOESecurity Engineering
Senior/Staff Infrastructure Security Engineer
AbridgeSan Francisco, CA +1
Senior/Staff Infrastructure Security Engineer building self-service security platforms, automating DevSecOps workflows, and designing high-scale security data pipelines and IaC guardrails in a greenfield cloud-native environment at an AI healthcare company. Requires 8+ years software engineering experience with deep cloud and IaC expertise.