Principal Product Security Engineer

Responsibilities

• Own and mature the product security program, including security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering enablement.
• Lead security architecture reviews and secure design initiatives across backend services, web applications, mobile applications, APIs, and remote devices.
• Review source code and application architecture to identify security vulnerabilities, insecure patterns, and operational risks.
• Partner closely with Engineering, DevOps, QA, Infrastructure, and Product teams to integrate security into the software development lifecycle.
• Establish and enforce secure coding standards, development guidelines, and security best practices.
• Mentor and guide software engineers on secure development practices and remediation strategies.
• Perform threat modeling and risk assessments for new and existing products and infrastructure.
• Assist in incident response investigations, root cause analysis, and remediation planning.
• Evaluate third-party libraries, frameworks, and dependencies for security and operational risks.
• Collaborate with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening.
• Drive vulnerability management efforts, including prioritization, remediation guidance, and validation.
• Help define and implement logging, monitoring, and security alerting strategies.
• Partner with external security consultants and vendors on penetration testing and security assessments.
• Promote a security-first engineering culture across the organization.