Position Purpose:
As a Product Security Engineer, you will act as a dedicated security partner for a specific business portfolio. You won’t just be finding bugs; you will be building a "Secure Flow" (paved path) that integrates security directly into the developer workflow. You will lead a portfolio to establish a scalable operating model, ensuring that every application—whether in-house, SaaS, or COTS—is visible, assessed, and secured.
Key Responsibilities:
• 100% Deliver Execution & Problem Solving - Collaborate with Enterprise Technology to configure and integrate cybersecurity systems that mitigate risk; troubleshoot and quickly resolve escalated incidents; design, build, configure, maintain, and monitor cybersecurity threat defense capabilities and user access management; coordinate integration and collaboration with managed security providers; investigate and recommend corrective actions related to incidents.
Direct Manager/Direct Reports:
• This position typically reports to Manager or Sr. Manager
• This position has 0 Direct Reports
Travel Requirements:
• No travel required.
Physical Requirements:
• Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
Working Conditions:
• Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Minimum Qualifications:
• Must be eighteen years of age or older.
• Must be legally permitted to work in the United States.
• 3–5 years of experience in Product Security, Application Security (AppSec), or DevSecOps.
• Hands-on experience integrating and managing security scanning tools such as SAST, DAST, and secret scanning within CI/CD pipelines and source code repositories.
• Experience conducting threat modeling for applications and identifying design-level security risks.
• Ability to interpret security tool findings and partner with engineering teams to remediate Critical and High-risk vulnerabilities.
• Strong communication skills with the ability to clearly explain technical security risks to non-security stakeholders.
Preferred Qualifications:
• Experience with SaaS Security Posture Management (SSPM) tools and validating security coverage across a SaaS application portfolio.
• Proficiency with formal threat modeling methodologies such as STRIDE, PASTA, or similar frameworks.
• Experience working closely with architects and engineering leaders to influence secure design decisions early in the development lifecycle.
• Demonstrated ability to build trusted relationships with engineering and product stakeholders and promote a “Secure from Start” mindset.
• Experience maintaining security metrics or scorecards and presenting security posture and remediation progress to leadership or portfolio stakeholders.
• Strong ability to position security as an enabler of developer velocity and business outcomes, not just risk reduction.
Minimum Education:
• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.
Preferred Education:
• No additional education
Minimum Years of Work Experience:
• 2
Preferred Years of Work Experience:
• No additional years of experience
Minimum Leadership Experience:
• None
Preferred Leadership Experience:
• None
Certifications:
• None
Competencies:
• Action Oriented
• Collaborates
• Communicates Effectively
• Customer Focus
• Drives Results