Product Security Engineer
Indexed description
Trusted by many of the world’s F500 companies, Zenity provides centralized visibility, vulnerability assessments, and governance by continuously scanning business-led development environments.
We recently raised $38 million in a Series B funding, solidifying our position as a leader in the industry and enabling us to accelerate our mission of securing AI Agents everywhere.
Responsibilities
- Own, maintain, and continuously improve the Secure Design Review process, ensuring security considerations are integrated early in the development lifecycle.
- Develop, implement, and maintain Zenity’s Application Security Program, including controls, standards, developer enablement, and automation.
- Manage SAST and DAST tooling, including configuration, integrations, alerting, developer workflows, and program-wide reporting.
- Monitor and enforce SDLC security controls, ensuring consistent application of secure development practices across all engineering teams.
- Develop and maintain Zenity’s Cloud Security Program, defining guardrails, policies, and automated controls for secure-by-default cloud deployments.
- Manage CSPM tooling, including configuration, findings triage, reporting, and alignment with internal risk and compliance processes.
- Partner with DevOps to design, implement, and maintain a fully secured CI/CD pipeline, ensuring that security checks, guardrails, and automated gates are embedded throughout build, test, and deployment stages.
- Collaborate closely with engineering teams to deliver actionable guidance, model threats, advise on architecture, and support secure implementations.
- Drive automation-first approaches to product and cloud security, reducing friction and enabling fast, safe development.
- Define and track KPIs, metrics, and reporting for application and cloud security health.
- Identify gaps in product, application, and cloud security posture and drive end-to-end remediation plans.
- Promote a culture of security and developer empowerment by delivering clear, pragmatic, and scalable guidance.
- Five (5) + years of experience in Engineering / Security Engineering
- We build solutions when faced with a capability gap
- You’re very comfortable with Kubernetes, Helm, and Terraform
- You’re very comfortable with Python and Typescript
- Three (3) + years of experience in an Application Security/Product Security focused role
- You’ve led AppSec focused “Security Review” programs
- You’ve led CloudSec focused “Secure Design” reviews
- You’ve led multiple vulnerability management campaigns to mitigate Cloud and Application security risks
- Two (2) + years of experience managing enterprise wide security projects
- You have a strong opinion on what a “project plan” doc should look like
- You’ve owned and delivered the migration or deployment of an AppSec focused security tool (SAST, DAST, ASPM, etc.)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search