Greenlight

Greenlight is a financial technology company offering a debit card and money app for families, empowering parents to raise financially smart kids through smart spending and investing.

Capital Markets
251-1K
Founded 2014
$556M raised

Description

  • Lead security architecture and design reviews with product and engineering teams.
  • Facilitate threat modeling sessions using STRIDE, PASTA, and attack tree methodologies.
  • Translate identified threats into prioritized engineering remediation plans.
  • Conduct hands-on penetration testing and security assessments across the full product stack.
  • Red-team AI-powered products and development tools for prompt injection, data exfiltration, MCP server exploitation, and tool misuse.
  • Drive PSIRT operations, including vulnerability triage, technical investigation, coordinated disclosure, and incident response support.
  • Score vulnerabilities using CVSS and coordinate remediation with engineering teams, including zero-day mitigation.
  • Define and enforce security guardrails and enterprise policies for AI-assisted development tools and workflows.
  • Partner with architects, product managers, engineering, legal, compliance, and executives on security and compliance risks.
  • Mentor junior security engineers and lead developer training on secure coding and security-by-design practices.

Requirements

  • 10+ years of product security experience across application security, cloud security, and secure SDLC.
  • Full SDLC experience from design through development, deployment, and incident response.
  • Expert-level threat modeling experience using STRIDE, PASTA, or equivalent methods.
  • Hands-on penetration testing experience across applications, APIs, cloud infrastructure, and hardware/firmware.
  • Demonstrated attacker mindset, supported by published research, CVE discoveries, bug bounty results, or red-team engagements.
  • PSIRT operational experience with vulnerability intake, triage, remediation coordination, and disclosure workflows.
  • Fluency with CVE, CVSS, and FIRST PSIRT frameworks.
  • Deep AI security expertise, including OWASP Top 10 for LLMs, APIs, web, mobile, and MITRE-related practical experience.
  • Strong hands-on experience with SAST, DAST, SCA, and securing AI development tools such as Claude and Cursor.
  • Understanding of MCP security risks and experience architecting enterprise guardrails for safe AI-assisted development.
  • Strong programming ability with the capability to review code, build security tools, and automate workflows.
  • Deep technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications.
  • Experience with languages and frameworks such as Node.js, Java/Kotlin, React, Redux, Swift, and SwiftUI.
  • Experience with cloud and infrastructure technologies such as AWS, GCP, Kubernetes, Ambassador, and Helm, plus databases such as MySQL, DynamoDB, and Redis.
  • Ability to influence without authority, mentor without managing, and communicate technical risk effectively to diverse stakeholders.
  • Preferred: hardware and embedded security experience, including secure boot, firmware integrity, hardware root of trust, and IoT threat modeling.
  • Preferred: experience in financial services, with knowledge of PCI DSS and COPPA, or demonstrated ability to learn regulated domains quickly.

Benefits

  • Medical, dental, vision, and HSA match.
  • Paid life insurance, AD&D, and disability benefits.
  • Traditional 401(k) with company match.
  • Unlimited PTO plus paid company holidays and pop-up bonus holidays.
  • Professional development stipends and mental health resources.
  • 100% paid parental and caregiving leave, plus cleaning service and meals during leave.
  • Flexible WFH with both remote and in-office opportunities.
  • Discretionary performance bonus, equity rewards, and competitive market-based compensation.


