Product Security Engineer

• Develop self-service security frameworks and "paved roads" that allow engineering teams to ship secure code by default.
• Focus on automated guardrails for common vulnerabilities, while prioritizing deep-dive design reviews into complex business logic and data isolation issues (for example, multi-tenant isolation and authorization/permission bypasses) that automated tools cannot catch.
• Partner with product and engineering teams to review designs early, contribute to threat modeling for new features and complex initiatives, and provide clear, actionable security guidance.
• Research emerging threats and evolving best practices, specifically regarding AI and LLM safety, and implement controls to secure these workflows.
• Manage and evolve our approach to external penetration testing and bug bounties, driving remediation for findings and treating vulnerability management as an engineering problem.
• Contribute to the long-term roadmaps, metrics, and strategic planning for the security team.

• 4+ years of experience in product security or application security, with experience shipping production code. Please note this is not an early career position.
• You have a strong background in computer science or a related field, with proficiency in writing clean, maintainable code.
• You have deep familiarity with JavaScript or TypeScript, Node.js, and modern web application frameworks, and can reason about the security implications of systems built on them.
• You have hands-on experience securing LLM integrations and identifying prompt injection or data leakage risks.
• You are proficient in writing and reviewing code and treat security as an engineering problem to be solved with software, not just policies.
• You excel at communicating complex security risks to non-security stakeholders and enjoy collaborating cross-functionally to find solutions that balance security with engineering velocity.

Browse similar jobs