Greenlight

Greenlight is a financial technology company offering a debit card and money app for families, empowering parents to raise financially smart kids through smart spending and investing.

Capital Markets
251-1K
Founded 2014
$556M raised

Description

  • Define and lead the long-term product security strategy, roadmap, and vision aligned with business goals, risk appetite, and regulatory requirements.
  • Serve as the internal authority on application and product security for engineering, product, and executive stakeholders.
  • Embed security ownership and security-first practices across engineering teams and the software development lifecycle.
  • Architect and evolve a comprehensive Product Security program spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security.
  • Lead the design and enforcement of secure development standards for web, mobile, cloud, secure coding, infrastructure-as-code, and APIs.
  • Identify, prioritize, and drive remediation of systemic vulnerabilities and architectural security gaps across the platform.
  • Lead and improve the penetration testing program through internal efforts and external vendor partnerships.
  • Partner with engineering and platform teams to build security-enhancing product features.
  • Establish and lead incident response processes for product security events, including root cause analysis and systemic remediation.
  • Evaluate and introduce new security tools, techniques, and frameworks to keep the company ahead of emerging threats.
  • Mentor staff and senior engineers across security and engineering to raise the organization’s security engineering capability.

Requirements

  • 12+ years of experience in product security, application security, or a related engineering discipline.
  • Proven track record of defining and driving security programs at scale across complex, multi-platform environments.
  • Hands-on experience architecting and implementing security solutions and processes in production environments.
  • Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and iOS/Android threat vectors.
  • Deep hands-on experience with SAST, DAST, IAST, SCA, secrets scanning, and runtime protection tools.
  • Strong command of cloud security architecture and controls, particularly in AWS environments.
  • Experience leading or influencing the security architecture of distributed, microservices-based systems.
  • Experience developing and implementing security solutions.
  • Ability to build strong cross-functional relationships and influence engineering culture without direct authority.
  • Exceptional communication skills for translating complex security risk to technical and non-technical stakeholders.
  • Experience operating in regulated industries such as financial services, fintech, or healthcare.
  • Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent are a plus.
  • Public code, research, GitHub, or other public security work is a plus.
  • Experience building or scaling Product Security programs in high-growth startup environments is a plus.
  • Familiarity with security tools such as Burp Suite or Kali Linux is a plus.

Benefits

  • Medical, dental, vision, and HSA match.
  • Paid life insurance, AD&D, and disability benefits.
  • Traditional 401(k) with company match.
  • Unlimited PTO and paid company holidays, plus pop-up bonus holidays.
  • Professional development stipends.
  • Mental health resources.
  • 1:1 financial planners.
  • Fertility healthcare and 100% paid parental and caregiving leave, plus cleaning service and meals during leave.
  • Flexible work-from-home options with both remote and in-office opportunities.
  • Fully stocked kitchen, catered lunches, and occasional in-office happy hours.
  • Employee resource groups.
  • Competitive compensation with a market-based pay approach.
  • Discretionary performance bonus and equity rewards.
  • Estimated base pay range of $180,000-$240,000 in NY/CA/WA and $180,000-$220,000 in CO.
