Security Engineer, Product Security

Responsibilities

• Leverage broad product security expertise to build and maintain software tooling that secures every layer of the modern AI/ML software ecosystem.
• Conduct in-depth code reviews to identify and remediate security vulnerabilities.
• Evaluate and enhance the security of product offerings through RFC and service review.
• Implement and maintain CI/CD pipelines with a strong focus on security.
• Perform SAST and DAST to identify vulnerabilities in production code.
• Utilize Terraform orchestration to ensure secure and efficient infrastructure management.
• Guide engineering teams to build robust long-term solutions that consider security and privacy.
• Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.
• Influence the security strategy and direction of the team, advocating for best practices and continuous improvement.

Requirements

• Proven experience as a Security Engineer with a focus on product security.
• Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes.
• Strong understanding of modern Javascript application design.
• Production experience operating and securing AWS infrastructure at scale.
• Hands-on experience with SAST and DAST tools and methodologies.
• Familiarity with Terraform orchestration for infrastructure management.
• Ability to structure complex problems and diagnose root causes independently.
• Excellent communication skills to present technical concepts to technical and non-technical stakeholders.
• Demonstrated ability to influence security strategies and drive improvements.

Nice-to-Haves

• Demonstrated ability to drive multi-month security initiatives independently.
• Relevant security certifications (e.g., CISSP, CEH, OSCP).