Skip to content
CloudflareCloudflareUnited States

Product Security Engineer

Product Security Engineer supporting security assessments, threat modeling, and vulnerability operations for Cloudflare’s products. Conduct reviews, triage bug bounties, manage findings to SLA, and build AI/LLM tools to automate triage and workflows. Requires 5+ years in Product/AppSec for large-scale cloud/SaaS.

Salary not listed
On-site5+ YOESecurity Engineering

About the role

Role Responsibilities

  • Implement AI Security Solutions: Identify process bottlenecks and build AI-driven tools or scripts to help automate code analysis, optimize triage, and streamline Product Security workflows.
  • Security Reviews & Threat Modeling: Conduct structured security reviews and threat modeling sessions (e.g., STRIDE) across product features, defining security requirements early in the development lifecycle.
  • Product Vulnerability Management: Manage the operational lifecycle of product security findings. Ensure vulnerabilities are verified, mapped to the correct engineering owner, and tracked to mitigation in alignment with established SLAs.
  • Bug Bounty Triage: Perform the technical triage and validation of Cloudflare’s external Bug Bounty submissions, verifying exploitability and evaluating business risk.
  • Pentest Coordination: Support internal and external penetration testing engagements by reviewing findings, clarifying technical context, and assisting development teams with remediation strategies.
  • Engineering Collaboration: Partner closely with DevOps and product teams, acting as a reliable security point of contact and helping developers implement secure coding practices.

Role Requirements (Must-Have Skills)

  • 5+ years of experience in Product or Application Security within large-scale distributed cloud environments or SaaS platforms.
  • Demonstrated ability to build production-grade automation scripts and tools. Hands-on engineering experience leveraging AI/LLMs to solve operational or technical challenges.
  • Competency in threat modeling methodologies and the ability to evaluate code flaws to determine their actual engineering and security impact.
  • Experience tracking, routing, and driving the remediation of software vulnerabilities across engineering groups while working against defined SLAs.
  • Ability to collaborate effectively across teams, clearly communicating technical security risks to software engineers and resolving ownership ambiguity constructively.

Nice-to-Have Skills

  • Familiarity with modern exploitation techniques, fuzzing frameworks, or automated scanning utilities.
  • Experience scaling crowdsourced security programs (e.g., HackerOne, Bugcrowd) or optimizing agile project management workflows within JIRA.
  • Experience in integrating hardware security features into production code bases.

Skills

Application SecurityThreat ModelingStrideVulnerability ManagementBug Bounty TriagePenetration TestingAILLMsAutomationPythonJira
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k
On-site3+ YOESecurity Engineering