Designs and evolves product security architecture for multi-tenant SaaS platform, leads threat modeling and security reviews, implements customer-facing security controls like IAM and encryption. Requires 5+ years in product/cloud security, GCP experience, and bachelor's degree.
180k – 230k/yr
Remote5+ YOESecurity Engineering
About the role
Responsibilities
Define and evolve product security architecture for Valon’s multi-tenant SaaS platform
Support secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)
Build and maintain security reference architectures and standardized secure design patterns for product teams
Lead threat modeling, security design and code reviews for new features, services, and major architectural changes
Design and build AI-assisted workflows that automate and accelerate product security areas
Evaluate AI risks across internal and external applications
Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks
Support vulnerability triage, remediation strategy, and root cause analysis for product security issues
Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence
Develop, implement, and enforce security policies, standards, and procedures
Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes
Ideal Background
Focused experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilities
Strong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred)
Experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs)
Demonstrated ability to build and maintain security reference architectures
Strong experience leading threat modeling and security design reviews including security-focused code reviews
Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independently
Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
Prior software engineering experience and/or coding ability (Python) is preferred
Minimum Qualifications
5+ years in security engineering roles focused on product, application, and/or cloud security
Bachelor's degree in Information Security, Computer Science, Technology or related field
Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)
Hands-on experience with modern security technologies and tooling across cloud and application security
Senior GRC Engineer responsible for designing, building, and operating automation, integrations, and AI-assisted workflows across governance, risk, and compliance. Leads compliance initiatives including SOC 2, ISO 27001, HIPAA, and FedRAMP while partnering with cross-functional teams to improve security assurance and audit readiness.
180k – 200k/yr
On-site6+ YOESecurity Engineering
Senior Application Security Engineer
MonarchUnited States
Senior Application Security Engineer embedded with product and engineering teams at Monarch, a personal finance platform. Conduct AppSec reviews, SAST/DAST, vulnerability management, and AI security for LLM features on Django/Python stack. Requires 5+ years in security engineering with Python and web security expertise.
180k – 215k/yr
Remote5+ YOESecurity Engineering
Senior Security Engineer, GRC
TemporalUnited States
Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.
180k – 225k/yr
Remote8+ YOESecurity Engineering
Senior Security Engineer
Kaizen LabsNew York, NY
Own end-to-end security architecture, compliance (FedRAMP, CMMC), and secure supply chain practices for a federal-focused government platform on AWS. Lead technical readiness and drive secure-by-default engineering in an early-stage environment.
180k – 220k/yr
Hybrid5+ YOESecurity Engineering
Manager, Network Security
Lumin DigitalUnited States
Lead and build a new network security function at a fintech company, managing a team of engineers, setting technical direction for cloud-native network security architecture, and establishing automated, identity-aware security controls across cloud, SD-WAN, and ZTNA environments.