Greenlight

Greenlight is a financial technology company offering a debit card and money app for families, empowering parents to raise financially smart kids through smart spending and investing.

Capital Markets
251-1K
Founded 2014
$556M raised

Description

  • Lead security architecture and design reviews and threat modeling sessions with product and engineering teams.
  • Translate identified threats into prioritized engineering remediations based on risk and severity.
  • Conduct hands-on penetration testing and security assessments across the full product stack.
  • Red-team AI-powered products and development tools to identify prompt injection, data exfiltration, MCP exploitation, and tool misuse.
  • Drive PSIRT operations, including vulnerability triage, technical investigation, severity scoring, and coordinated disclosure.
  • Manage zero-day findings and work with engineering to patch or mitigate issues using compensating controls.
  • Define and enforce security guardrails for AI-assisted development environments and enterprise policies for AI tools.
  • Partner with architects, product managers, engineers, legal, compliance, and executives on security and compliance decisions.
  • Mentor junior security engineers and help build a strong security culture through training and evangelism.
  • Collaborate with the AI team to secure machine learning pipelines and related workflows.

Requirements

  • 10+ years of product security experience across application security, cloud security, and secure SDLC.
  • Full SDLC experience from design through development, deployment, and incident response.
  • Expert-level threat modeling experience using STRIDE, PASTA, or equivalent methodologies.
  • Hands-on penetration testing experience across applications, APIs, cloud infrastructure, and hardware/firmware.
  • Published research, CVE discoveries, bug bounty results, or red-team engagement experience is preferred.
  • PSIRT operational experience with vulnerability intake, triage, CVE, CVSS, and FIRST PSIRT frameworks.
  • Deep AI security expertise, including OWASP Top 10 for LLMs, APIs, web, and mobile, plus practical MITRE experience.
  • Strong hands-on experience with SAST, DAST, SCA, and securing AI development tools such as Claude and Cursor.
  • Experience defining enterprise guardrails for MCP security, AI-generated code, secrets scanning, and DLP for outbound AI traffic.
  • Strong programming ability to review code, build security tools, and automate workflows.
  • Deep technical knowledge of CI/CD pipelines for web and mobile applications.
  • Experience with Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI, AWS, GCP, Kubernetes, Ambassador, Helm, MySQL, DynamoDB, and Redis.
  • Ability to influence without authority, mentor without managing, and communicate complex risks to technical and non-technical stakeholders.
  • Hardware and embedded security experience, including secure boot, firmware integrity, hardware root of trust, and IoT threat modeling, is preferred.
  • Financial industry experience and knowledge of PCI DSS or COPPA are preferred.

Benefits

  • Medical, dental, vision, and HSA match.
  • Paid life insurance, AD&D, and disability benefits.
  • Traditional 401(k) with company match.
  • Unlimited PTO.
  • Paid company holidays and pop-up bonus holidays.
  • Professional development stipends.
  • Mental health resources.
  • 1:1 financial planners.
  • Fertility healthcare.
  • 100% paid parental and caregiving leave, plus cleaning service and meals during leave.
  • Flexible work-from-home options with both remote and in-office opportunities.
  • Fully stocked kitchen, catered lunches, and occasional in-office happy hours.
  • Employee resource groups.
  • Competitive compensation with market-based pay.
  • Discretionary performance bonus and equity rewards.
  • Estimated base pay range: $165,000-$200,000 in NY/CA/WA and $165,000-$185,000 in CO.
