Greenlight

Greenlight is a financial technology company offering a debit card and money app for families, empowering parents to raise financially smart kids through smart spending and investing.

Capital Markets
251-1K
Founded 2014
$556M raised

Description

  • Lead security architecture and design reviews with product and engineering teams.
  • Facilitate threat modeling sessions using STRIDE, PASTA, and attack tree methodologies.
  • Translate identified threats into prioritized engineering remediation plans.
  • Conduct hands-on penetration testing and security assessments across the full product stack.
  • Red-team AI-powered products and development tools for prompt injection, data exfiltration, MCP server exploitation, and tool misuse.
  • Drive PSIRT operations, including vulnerability triage, technical investigation, coordinated disclosure, and incident response support.
  • Score vulnerabilities using CVSS and coordinate remediation with engineering teams, including zero-day mitigation.
  • Define and enforce security guardrails and enterprise policies for AI-assisted development tools and workflows.
  • Partner with architects, product managers, engineering, legal, compliance, and executives on security and compliance risks.
  • Mentor junior security engineers and lead developer training on secure coding and security-by-design practices.

Requirements

  • 10+ years of product security experience across application security, cloud security, and secure SDLC.
  • Full SDLC experience from design through development, deployment, and incident response.
  • Expert-level threat modeling experience using STRIDE, PASTA, or equivalent methods.
  • Hands-on penetration testing experience across applications, APIs, cloud infrastructure, and hardware/firmware.
  • Demonstrated attacker mindset, supported by published research, CVE discoveries, bug bounty results, or red-team engagements.
  • PSIRT operational experience with vulnerability intake, triage, remediation coordination, and disclosure workflows.
  • Fluency with CVE, CVSS, and FIRST PSIRT frameworks.
  • Deep AI security expertise, including OWASP Top 10 for LLMs, APIs, web, mobile, and MITRE-related practical experience.
  • Strong hands-on experience with SAST, DAST, SCA, and securing AI development tools such as Claude and Cursor.
  • Understanding of MCP security risks and experience architecting enterprise guardrails for safe AI-assisted development.
  • Strong programming ability with the capability to review code, build security tools, and automate workflows.
  • Deep technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications.
  • Experience with languages and frameworks such as Node.js, Java/Kotlin, React, Redux, Swift, and SwiftUI.
  • Experience with cloud and infrastructure technologies such as AWS, GCP, Kubernetes, Ambassador, and Helm, plus databases such as MySQL, DynamoDB, and Redis.
  • Ability to influence without authority, mentor without managing, and communicate technical risk effectively to diverse stakeholders.
  • Preferred: hardware and embedded security experience, including secure boot, firmware integrity, hardware root of trust, and IoT threat modeling.
  • Preferred: experience in financial services, with knowledge of PCI DSS and COPPA, or demonstrated ability to learn regulated domains quickly.

Benefits

  • Medical, dental, vision, and HSA match.
  • Paid life insurance, AD&D, and disability benefits.
  • Traditional 401(k) with company match.
  • Unlimited PTO plus paid company holidays and pop-up bonus holidays.
  • Professional development stipends and mental health resources.
  • 100% paid parental and caregiving leave, plus cleaning service and meals during leave.
  • Flexible WFH with both remote and in-office opportunities.
  • Discretionary performance bonus, equity rewards, and competitive market-based compensation.

Similar Roles

Sr. Software Engineer - Application Security

Backblaze 251-1K IT Services

Backblaze is hiring an Application Security Engineer to strengthen the security of its cloud storage and backup products by embedding application security into new and existing software across a large, distributed stack.

C C++ Encryption Go HTTP Java JavaScript Linux Node.js Python REST API TypeScript
3 hours, 28 minutes ago

Product Security Engineering Manager

Bugcrowd 1K-5K Internet Software & Services

Bugcrowd is hiring a Product Security Engineering Manager to lead application, platform, and FedRAMP security programs while guiding a distributed team and advancing secure-by-default engineering across the company.

AWS Azure CI/CD Cybersecurity Docker GCP Go Java Kubernetes Linux Python Ruby Terraform
21 hours, 16 minutes ago

Senior Product Security Engineer, Server

MongoDB 1K-5K Internet Software & Services

MongoDB is hiring a Product Security professional to strengthen the security of its core database products and customer-facing security features for its Database Server team in Dublin or remotely in Ireland.

AWS Azure C++ Encryption GCP MongoDB Penetration Testing Secrets Management
1 day, 1 hour ago

Director, Identity & Security Product Management

MongoDB 1K-5K Internet Software & Services

MongoDB is hiring a Director of Identity and Security Product Management in Canada to lead the strategy and roadmap for IAM and security across its Atlas platform, core database, and related services.

AWS Azure GCP JIRA Microservices MongoDB Network Security
1 day, 3 hours ago
