Greenlight

Greenlight is a financial technology company offering a debit card and money app for families, empowering parents to raise financially smart kids through smart spending and investing.

Capital Markets
251-1K
Founded 2014
$556M raised

Description

  • Define and lead the long-term product security strategy, roadmap, and vision aligned with business goals, risk appetite, and regulatory requirements.
  • Serve as the internal authority on application and product security for engineering, product, and executive stakeholders.
  • Embed security ownership and security-first practices across engineering teams and the software development lifecycle.
  • Architect and evolve a comprehensive Product Security program spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security.
  • Lead the design and enforcement of secure development standards for web, mobile, cloud, secure coding, infrastructure-as-code, and APIs.
  • Identify, prioritize, and drive remediation of systemic vulnerabilities and architectural security gaps across the platform.
  • Lead and improve the penetration testing program through internal efforts and external vendor partnerships.
  • Partner with engineering and platform teams to build security-enhancing product features.
  • Establish and lead incident response processes for product security events, including root cause analysis and systemic remediation.
  • Evaluate and introduce new security tools, techniques, and frameworks to keep the company ahead of emerging threats.
  • Mentor staff and senior engineers across security and engineering to raise the organization’s security engineering capability.

Requirements

  • 12+ years of experience in product security, application security, or a related engineering discipline.
  • Proven track record of defining and driving security programs at scale across complex, multi-platform environments.
  • Hands-on experience architecting and implementing security solutions and processes in production environments.
  • Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and iOS/Android threat vectors.
  • Deep hands-on experience with SAST, DAST, IAST, SCA, secrets scanning, and runtime protection tools.
  • Strong command of cloud security architecture and controls, particularly in AWS environments.
  • Experience leading or influencing the security architecture of distributed, microservices-based systems.
  • Experience developing and implementing security solutions.
  • Ability to build strong cross-functional relationships and influence engineering culture without direct authority.
  • Exceptional communication skills for translating complex security risk to technical and non-technical stakeholders.
  • Experience operating in regulated industries such as financial services, fintech, or healthcare.
  • Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent are a plus.
  • Public code, research, GitHub, or other public security work is a plus.
  • Experience building or scaling Product Security programs in high-growth startup environments is a plus.
  • Familiarity with security tools such as Burp Suite or Kali Linux is a plus.

Benefits

  • Medical, dental, vision, and HSA match.
  • Paid life insurance, AD&D, and disability benefits.
  • Traditional 401(k) with company match.
  • Unlimited PTO and paid company holidays, plus pop-up bonus holidays.
  • Professional development stipends.
  • Mental health resources.
  • 1:1 financial planners.
  • Fertility healthcare and 100% paid parental and caregiving leave, plus cleaning service and meals during leave.
  • Flexible work-from-home options with both remote and in-office opportunities.
  • Fully stocked kitchen, catered lunches, and occasional in-office happy hours.
  • Employee resource groups.
  • Competitive compensation with a market-based pay approach.
  • Discretionary performance bonus and equity rewards.
  • Estimated base pay range of $180,000-$240,000 in NY/CA/WA and $180,000-$220,000 in CO.
