Product Security Engineer II responsible for leading threat modeling, triaging CNAPP findings, contributing to SDLC tooling, and partnering with engineering teams to embed security practices. Requires 2-4 years in security roles with strong cloud security and AI tooling experience.
116k – 187k
Remote2+ YOESecurity Engineering
About the role
Responsibilities
Lead threat modeling engagements on the features and services where the risk warrants it.
Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.
Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.
Requirements
2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.
Comfortable reading and critiquing pull requests in a modern stack. You don't need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.
Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.
Nice to Haves
Experience with developer tools, SaaS platforms, or feature management
Security Analyst managing SecOps/SOC, threat monitoring, incident response, and log analysis using Wiz, Datadog, SQL across Kubernetes/AWS. Builds automated security controls with Python/Go/TypeScript and leverages LLMs for analytics; requires 2+ years SOC experience.
117k – 130k
Remote2+ YOESecurity Engineering
Security Engineer
DAT Freight & AnalyticsDenver, CO
Security Engineer responsible for implementing security controls, building automation workflows, and embedding security into SDLC and cloud infrastructure. Requires 2-4 years of cybersecurity or cloud security experience.
114k – 149k
Hybrid2+ YOESecurity Engineering
Threat Detection Engineer
IdmeMountain View, CA
Develop and optimize high-fidelity threat detections across SIEM/SOAR platforms using Python, SQL, and AI/ML techniques. Focus on LLM-assisted workflows, AI-specific threat detection, and infrastructure-as-code for scalable security operations.
113k – 140k
On-site2+ YOESecurity Engineering
Security Analyst
AptosUnited States
The Security Analyst will operate and scale security across the organization, supporting core security workflows such as phishing response, bug bounty operations, access governance, and operational security hygiene. This is a hands-on, cross-functional role offering broad exposure across security operations, access governance, and threat response.
120k – 180k
Remote2+ YOESecurity Engineering
SecOps Engineer
UpstartUnited States
SecOps Engineer building automated response mechanisms, triaging alerts, hunting threats, and supporting incident response with AI and SOAR tools. Requires strong logging skills, Python, and Git experience in a security-focused environment.