Posted Jul 12, 2026

Principal Product Security Engineer

Apply for this Role →
Job Description: • Own and mature the product security program, including security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering enablement. • Lead security architecture reviews and secure design initiatives across backend services, web applications, mobile applications, APIs, and remote devices. • Review source code and application architecture to identify security vulnerabilities, insecure patterns, and operational risks. • Partner closely with Engineering, DevOps, QA, Infrastructure, and Product teams to integrate security into the software development lifecycle. • Establish and enforce secure coding standards, development guidelines, and security best practices. • Mentor and guide software engineers on secure development practices and remediation strategies. • Perform threat modeling and risk assessments for new and existing products and infrastructure. • Assist in incident response investigations, root cause analysis, and remediation planning. • Evaluate third-party libraries, frameworks, and dependencies for security and operational risks. • Collaborate with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening. • Drive vulnerability management efforts, including prioritization, remediation guidance, and validation. • Help define and implement logging, monitoring, and security alerting strategies. • Partner with external security consultants and vendors on penetration testing and security assessments. • Promote a security-first engineering culture across the organization. Requirements: • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience. • 7+ years of experience in software engineering, application security, product security, or cybersecurity engineering. • Strong understanding of secure application architecture and modern security practices for web, mobile, cloud, and distributed systems. • Hands-on experience reviewing source code and identifying security vulnerabilities. • Experience with OWASP Top 10, secure coding standards, authentication/authorization models, API security, and vulnerability remediation. • Experience securing cloud-native environments in AWS, Azure, or GCP. • Strong understanding of CI/CD pipelines, DevSecOps practices, container security, and infrastructure security. • Experience with threat modeling, penetration testing coordination, and incident response processes. • Ability to mentor engineers and influence technical direction across multiple teams. • Strong analytical, communication, and leadership skills. Benefits: • Health insurance • Flexible work arrangements • Professional development