Job title: Product Security Engineer
Job type: Permanent
Emp type: Full-time
Industry: Finance/Fintech
Salary type: Annual
Salary: USD $180,000.00
Location: Remote - US
Job published: 2024-10-15
Job ID: 32380
Contact name: Ross Gisondi
Phone number: +19293951228
Contact email: ross.gisondi@hamptonnorth.com

Job Description

Position Overview:

As a Product Security Engineer, you will work closely with our engineering and DevOps teams to ensure our cloud-native SaaS products are secure by design. You will be responsible for identifying, assessing, and mitigating security vulnerabilities in AWS and Terraform configurations, while implementing robust security controls across the product lifecycle.

Salary: 160-190k base + 10-15% bonus

Logistics: 100% Remote in the US

Work authorization: Must be a US Citizen or permanent resident

Key Responsibilities:

  • Conduct security reviews of architecture, design, and code for our cloud-native SaaS products.
  • Identify and remediate security vulnerabilities in AWS cloud environments and Terraform infrastructure as code (IaC) configurations.
  • Collaborate with development teams to integrate security best practices throughout the software development lifecycle.
  • Implement and manage automated security testing tools (e.g., SAST, DAST) and processes for continuous security validation.
  • Conduct threat modeling and risk assessments for new and existing products.
  • Develop and maintain security documentation, policies, and procedures.
  • Stay up to date on the latest security trends, threats, and technologies to continuously improve our security posture.

Qualifications:

  • 5-7 years of experience in Product Security, Application Security, or a related field.
  • Strong hands-on experience with AWS security (IAM, VPC, EC2, S3, CloudTrail, etc.) and Terraform IaC configurations.
  • Demonstrated ability to find and fix security vulnerabilities in cloud-native architectures.
  • Familiarity with common security frameworks and best practices (OWASP, NIST, CIS Benchmarks).
  • Experience working with DevOps and CI/CD pipelines to implement security automation.
  • Strong understanding of encryption, authentication, and security protocols.
  • Excellent problem-solving skills and the ability to work independently as well as in a team environment.
  • Strong communication skills to articulate security issues to both technical and non-technical stakeholders.

Preferred Qualifications:

  • Certifications such as CISSP, AWS Certified Security Specialty, or relevant cloud security certifications.
  • Experience with container security (Docker, Kubernetes).