Staff Product Security Engineer
Indexed description
We are looking for a Senior Product Security Engineer to extend our Product Security capability with a strong focus on continuous vulnerability discovery and prevention.
This Role Is Responsible For
- Building and executing security regression testing
- Driving threat modeling across existing and new functionality
- Conducting targeted offensive security activities (Red Team–style testing)
- Identifying real vulnerabilities based on a deep understanding of our platform and the OWASP Top 10 Web Application Security Risks
Key Responsibilities
- Security Regression Testing
- Design and maintain security regression test suites covering critical application flows
- Ensure vulnerabilities, once fixed, are permanently prevented from recurring
- Integrate security regression into CI/CD pipelines
- Define coverage targets for security-critical areas (auth, access control, APIs, data flows)
- Threat Modeling
- Lead structured threat modeling sessions for:
- Existing system components
- New features and architectural changes
- Identify attack surfaces, abuse cases, and trust boundaries
- Translate threats into:
- Test cases
- Security requirements
- Mitigation plans
- Ensure threat modeling becomes a continuous lifecycle activity
- Offensive Security / Red Team Activities
- Perform manual and automated security testing simulating real attacker behavior
- Focus on high-impact vulnerabilities, not theoretical findings
- Validate exploitability and business impact
- Partner with engineering teams to:
- Reproduce issues
- Prioritize fixes
- Validate remediation
- OWASP Top 10–Driven Vulnerability Discovery
- Continuously assess the platform against OWASP Top 10 categories
- Use deep product knowledge to find non-obvious, context-specific vulnerabilities
- Go beyond tooling (DAST/SAST) to uncover logic flaws and abuse paths
- Security Assurance for Product Changes
- Review new features and changes for security risks
- Ensure all changes are:
- Threat-modeled
- Covered by regression tests
- Act as a security gatekeeper without becoming a bottleneck:
- Enable teams with guidance and tooling
- Avoid heavy process overhead
- Collaboration & Enablement
- Work closely with:
- Engineering teams
- Architecture
- SRE / Platform teams
- Contribute to secure-by-design practices
- Support developers in understanding and fixing vulnerabilities
- Help scale security through:
- Reusable patterns
- Automation
- Security guidance
- 5+ years in Application / Product Security
- Bachelor's Degree or equivalent of 12 years of work experience
- Strong hands-on experience in:
- Web application security testing
- API security
- Threat modeling methodologies
- Deep understanding of OWASP Top 10
- Experience with:
- Manual penetration testing
- Security regression testing
- CI/CD security integration
- Ability to identify business logic vulnerabilities
- Strong understanding of:
- Authentication, authorization, and session management
- Multi-tenant architectures
- Cloud-native systems
- Experience in SaaS / multi-tenant platforms
- Familiarity with:
- Bug bounty programs
- Red teaming
- Security automation frameworks
- Knowledge of:
- AWS
- Identity systems and federation (SSO, MFA)
- Background in software engineering (ability to read/write code)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search