Skip to content
ValonValonNew York, NY

Senior Product Security Engineer - Customer Platform

Designs and evolves product security architecture for multi-tenant SaaS platform, leads threat modeling and security reviews, implements customer-facing security controls like IAM and encryption. Requires 5+ years in product/cloud security, GCP experience, and bachelor's degree.

180k – 230k/yr
Remote5+ YOESecurity Engineering

About the role

Responsibilities

  • Define and evolve product security architecture for Valon’s multi-tenant SaaS platform
  • Support secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)
  • Build and maintain security reference architectures and standardized secure design patterns for product teams
  • Lead threat modeling, security design and code reviews for new features, services, and major architectural changes
  • Design and build AI-assisted workflows that automate and accelerate product security areas
  • Evaluate AI risks across internal and external applications
  • Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks
  • Support vulnerability triage, remediation strategy, and root cause analysis for product security issues
  • Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence
  • Develop, implement, and enforce security policies, standards, and procedures
  • Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes

Ideal Background

  • Focused experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilities
  • Strong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred)
  • Experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs)
  • Expertise in designing secure platform controls (e.g., APIs, service-to-service auth, encryption/KMS/CMEK, logging/monitoring)
  • Demonstrated ability to build and maintain security reference architectures
  • Strong experience leading threat modeling and security design reviews including security-focused code reviews
  • Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
  • Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independently
  • Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
  • Prior software engineering experience and/or coding ability (Python) is preferred

Minimum Qualifications

  • 5+ years in security engineering roles focused on product, application, and/or cloud security
  • Bachelor's degree in Information Security, Computer Science, Technology or related field
  • Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
  • Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)
  • Hands-on experience with modern security technologies and tooling across cloud and application security

Compensation

  • Base Compensation Band: $180K - $230K

Skills

GCPIAMRBACSSOSAMLOIDCSCIMMFAAPIsKmsOwaspNistCisSOC 2Python
Postman

Senior GRC Engineer

PostmanSan Francisco, CA

Senior GRC Engineer responsible for designing, building, and operating automation, integrations, and AI-assisted workflows across governance, risk, and compliance. Leads compliance initiatives including SOC 2, ISO 27001, HIPAA, and FedRAMP while partnering with cross-functional teams to improve security assurance and audit readiness.

180k – 200k/yr
On-site6+ YOESecurity Engineering
Monarch

Senior Application Security Engineer

MonarchUnited States

Senior Application Security Engineer embedded with product and engineering teams at Monarch, a personal finance platform. Conduct AppSec reviews, SAST/DAST, vulnerability management, and AI security for LLM features on Django/Python stack. Requires 5+ years in security engineering with Python and web security expertise.

180k – 215k/yr
Remote5+ YOESecurity Engineering
Temporal

Senior Security Engineer, GRC

TemporalUnited States

Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.

180k – 225k/yr
Remote8+ YOESecurity Engineering
Kaizen Labs

Senior Security Engineer

Kaizen LabsNew York, NY

Own end-to-end security architecture, compliance (FedRAMP, CMMC), and secure supply chain practices for a federal-focused government platform on AWS. Lead technical readiness and drive secure-by-default engineering in an early-stage environment.

180k – 220k/yr
Hybrid5+ YOESecurity Engineering
Lumin Digital

Manager, Network Security

Lumin DigitalUnited States

Lead and build a new network security function at a fintech company, managing a team of engineers, setting technical direction for cloud-native network security architecture, and establishing automated, identity-aware security controls across cloud, SD-WAN, and ZTNA environments.

180k – 200k/yr
Remote7+ YOESecurity Engineering