Responsibilities

Identify and close gaps across application security, secure design review, and vulnerability management
Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths
Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program
Mature how security is integrated in a developer-first environment, balancing pragmatism with strong technical judgment
Distinguish between theoretical risk and material business risk to prioritize security efforts effectively
Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails
Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues
Participate in security on-call rotations, helping respond to urgent security events
Help manage and mature bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams

Requirements

Strong experience in product security, application security, or security engineering
Experience working with cloud-native, developer tools, SaaS, platform, or infrastructure products
Clear communication skills across both technical and non-technical audiences, especially in written, asynchronous environments
Deep understanding of application security fundamentals, including auth, session management, APIs, and secrets handling
Experience with vulnerability triage, bug bounty programs, responsible disclosure, or security incident response
Comfortable participating in potential security on-call rotation and balancing urgency, risk, and practical remediation

Experience with or interest in Postgres, Kubernetes, or building security guardrails that enable rather than enforce