Overview
A Software Product Security role (often called Product Security Engineer or ProdSec) is the bridge between traditional cybersecurity and software engineering. Unlike IT security, which focuses on protecting the company's internal network, Product Security focuses on ensuring that the software the company sells or provides is resilient against attacks.

About the Role
The Product Security Engineer works directly with DevOps and Engineering teams to bake security into the Software Development Life Cycle (SDLC). The goal is to move security "left": finding and fixing vulnerabilities during the design and coding phases rather than after the product has launched.

Responsibilities
Secure Design & Threat Modeling: Reviewing new features before a single line of code is written. You'll identify potential attack vectors and suggest mitigations.
Vulnerability Management: Triaging bugs found via automated scanners, internal audits, or Bug Bounty programs.
Security Tooling: Implementing and managing tools such as SAST (Static Analysis), DAST (Dynamic Analysis), and SCA (Software Composition Analysis) to catch insecure dependencies.
Code Reviews: Performing manual "deep dives" into critical codebases to spot logic flaws that automated tools might miss.
Incident Response: Acting as the subject matter expert when a security flaw is exploited in production.
Internal Red Teaming: Leading activities that look for ways to bypass application logic in order to alter "Recipe" files or production data.
Developer Training: Creating "Security Champions" programs to teach engineers how to write defensive code.

Qualifications
Deep understanding of the OWASP Top 10 (SQLi, XSS, CSRF) and cloud security (AWS/Azure/GCP).
Experience with Snyk, Checkmarx, Burp Suite, or GitHub Advanced Security.
Familiarity with Docker, Kubernetes, and CI/CD pipelines (Jenkins, GitLab CI).

Pay range and compensation package
This isn't a "gatekeeper" role. To be successful, you have to be a collaborative problem-solver. Developers often see security as a hurdle; your job is to make the "secure way" the "easy way." If you enjoy breaking things to learn how to fix them, you'll love ProdSec.

Equal Opportunity Statement
I'm looking for "Security Engineers" who can actually code and contribute to the repository, rather than just pointing out problems and leaving.
Software Product Security Engineer
CELESTICA
monterrey, monterrey
Posted 24 days ago