# Staff Product Security Engineer

**Company:** [Greenlight](https://hotfix.jobs/companies/greenlight)
**Location:** Remote
**Role:** Security Engineering
**Experience:** 10+ years
**Skills:** Threat Modeling, Penetration Testing, Psirt, SAST, DAST, Sca, Burp Suite, Metasploit, Kali Linux, Node.js, Java, Kotlin, React, Redux, SwiftUI
**Posted:** 2026-06-25

> Lead end-to-end product security for consumer products, digital platform, and hardware devices. Drive threat modeling, penetration testing, PSIRT operations, and AI security guardrails in a regulated financial services environment.

## Job Description

## Responsibilities
- Lead security architecture/design review and threat modeling sessions with product and engineering teams using STRIDE, PASTA and attack tree methodologies
- Translate threats into actionable, risk-rated engineering remediations prioritized by severity
- Conduct hands-on penetration testing and security assessments across the full product stack producing actionable reports for engineering and leadership
- Red-team AI powered products and development tools to test for prompt injection, data exfiltration, MCP server exploitation, and tool misuse
- Drive PSIRT Operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers and on-call incidents
- Shape the posture of AI assisted development environment defining and enforcing enterprise policies for Claude and Cursor
- Partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers and collaborating with the AI team on securing ML pipelines
- Champion Security Culture by running developer training on secure coding with AI assistants, evangelizing security by design for products

## Requirements
- 10+ years of product security experience spanning application security, cloud security, and secure SDLC
- Expert level Threat Modeling using STRIDE, PASTA or equivalent across web, mobile, cloud, embedded and AI systems
- Hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware
- PSIRT operational experience from vulnerability intake and triage; fluent in CVE, CVSS, FIRST PSIRT frameworks
- Deep hands-on AI security expertise and expert level understanding of OWASP Top 10 for LLM, API, Web, Mobile and practical experience with MITRE
- Strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor
- Strong programming ability and capability to review code, build security tools, automate workflows
- Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications
- Strong knowledge of programming languages & frameworks (Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (AWS, GCP, Kubernetes, Ambassador, Helm), and databases (MySQL, DynamoDB, Redis)
- Ability to influence without authority, mentor without managing, and communicate complex risks

## Nice-to-Haves
- Hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience
- Experience in the Financial industry, knowledge of PCI DSS, COPPA or demonstrated ability to learn regulated domains quickly

## Compensation & Benefits
- Medical, dental, vision, and HSA match
- Paid life insurance, AD&D, and disability benefits
- Traditional 401k with company match
- Unlimited PTO
- Paid company holidays and pop-up bonus holidays
- Professional development stipends
- Mental health resources
- 1:1 financial planners
- Fertility healthcare
- 100% paid parental and caregiving leave, plus cleaning service and meals during your leave
- Flexible WFH, both remote and in-office opportunities

## Similar roles

- [Senior Staff Security Engineer, Vulnerability Management](https://hotfix.jobs/jobs/48bab836-a257-4a63-898d-d884ea8db229) - Zocdoc - Remote - $200k – $290k/yr
- [Staff Software Engineer](https://hotfix.jobs/jobs/bda1fbe8-25da-4d58-8699-ce547f7bdf6e) - Plaid - New York, NY - $222k – $328k/yr
- [Staff+ Application Security Engineer](https://hotfix.jobs/jobs/176eddbe-ab46-4c6b-b459-b97404661b42) - Anthropic - San Francisco, CA - $320k – $485k/yr
- [Staff Security Risk & Compliance Program Manager](https://hotfix.jobs/jobs/69a879b7-e372-4ca2-a954-f0c78526aa69) - Confluent - Remote - $222k – $261k/yr
- [Senior/Staff Infrastructure Security Engineer](https://hotfix.jobs/jobs/b10a4e47-d210-46ca-8e32-a9d8992f41f8) - Abridge - Remote - $214k – $252k/yr

**Apply:** https://hotfix.jobs/jobs/4f5895e5-9a85-4fa6-a55f-ff965da58f55
**Canonical:** https://hotfix.jobs/jobs/4f5895e5-9a85-4fa6-a55f-ff965da58f55