Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security team. This role is integral to ensuring the security and integrity of our products and services. You will conduct in-depth code reviews, implement security best practices, and influence the overall security strategy. Your expertise in TypeScript, Kubernetes, CI/CD, SAST, DAST, and terraform orchestration will be crucial in identifying and mitigating potential security vulnerabilities. You will also structure complex problems, diagnose root causes independently, and clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.

You will:

• Conduct in-depth code reviews to identify and remediate security vulnerabilities.
• Evaluate and enhance the security of our product offerings, through RFC and service review.
• Implement and maintain CI/CD pipelines with a strong focus on security.
• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code.
• Utilize terraform orchestration to ensure secure and efficient infrastructure management.
• Guide engineering teams to build robust long-term solutions that consider security and privacy.
• Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.
• Influence the security strategy and direction of the team, advocating for best practices and continuous improvement.

Ideally, you’d have:

• Proven experience as a Security Engineer with a focus on product security.
• Proficiency in NodeJS, TypeScript, and Kubernetes.
• Production experience with Kubernetes backed services.
• Hands-on experience with SAST and DAST tools and methodologies.
• Familiarity with terraform orchestration for infrastructure management.
• You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input.
• Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders.
• Demonstrated ability to influence security strategies and drive improvements within a team.
• Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus.
• Experience in a senior or lead security role is preferred.