Product Security Engineer

Overview:

You will join our global product security team and help us build safer products. You will test our products, find risks, and work with others to fix them. We work across many products, so you will learn about different systems and how they are used. You will work closely with engineering and product teams, and they will rely on your guidance. You will help find hard-to-spot problems and support better security in product design and development. We want someone who shares what they know, keeps learning, and helps us strengthen how we work.

What you will do:

• You will perform security testing across our products to identify risks in web applications, application programming interfaces, containers, cloud environments, and AI-enabled features.
• You will partner with engineering and product teams so we have a clear understanding of security findings, risk, and remediation priorities.
• You will validate vulnerabilities through manual testing and security tools, helping us focus on the issues that matter most.
• You will support remediation by explaining findings clearly, reviewing fixes, and helping teams apply secure design and development practices.
• You will contribute to threat modeling, design reviews, and architecture discussions so risks are identified earlier in the development process.
• You will help improve our application security program by researching emerging attack techniques, tools, AI related tools and practical testing approaches.
• You will assess risks related to identity and access controls, common authentication models, and modern application architectures.
• You will work with teams across the software delivery lifecycle to strengthen security in build pipelines, deployment processes, and release practices.
• You will document findings and recommendations clearly so they can act on them and track issues through resolution.
• You will share knowledge with the team so we continue to improve how we test, communicate risk, and support secure product development.

What we are looking for:

• 3+ years of application security experience
• 3+ years of experience performing penetration testing
• Must have knowledge of application security testing across web applications, APIs, containerized deployments, cloud environments (AWS, Azure, GCP) and embedded or agentic AI applications
• Demonstrable expertise with tools such as Burp Suite, OWASP ZAP, Postman, Git, and Python or similar scripting languages.
• Strong understanding of OWASP Top Ten and AI Top Ten, SANS, MITRE ATT&CK.

• AI Skills/Knowledge:

• • Able to use generative AI tools such as Microsoft Copilot or ChatGPT to accelerate research, summarize findings, improve documentation, and reduce repetitive work.
  • Able to evaluate AI-generated content critically, verify technical accuracy, and use sound judgment before applying outputs to security testing, analysis, or decision-making.
  • Familiarity with security risks in AI-enabled features, including prompt injection, sensitive data exposure, insecure integrations, and misuse of model outputs, is preferred.
  • Openness to learning and adopting new AI capabilities as they emerge, and using them responsibly to improve quality, speed, and consistency in day-to-day work.
  • Knowledge of configuring and optimizing AI-assisted coding methodologies, including the development and tuning of skills in tools like Github Copilot, Claude Code, etc

• Preferred Skills:

• • Experience with threat modeling and secure design reviews is preferred.
  • Familiarity with cloud security concepts and common risks in modern application environments is a plus.
  • Experience with security testing for application programming interfaces, desktop applications, or legacy systems is beneficial.
  • Exposure to software delivery security practices and build pipeline security is preferred.
  • Relevant security certifications such as OSCP, PNPT, GPEN, GWAPT, CEH, or CompTIA Security+ are a plus.
  • Background in software engineering is also a plus.

#LI-SA1