Product Security Engineer
Location
New York
Posted
38 days ago
Salary
$170K - $200K / year
Bachelor Degree2 yrs expEnglishJava ScriptPythonRubyGo
Job Description
• Implement and maintain static application security testing (SAST) using Semgrep across our repositories
• Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies
• Manage secrets detection scanning (Trufflehog) and respond to findings
• Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged
• Triage and prioritize vulnerability findings, working with engineering teams to drive remediation
• Support dynamic application security testing (DAST) efforts using tools like ZAP
• Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation
• Set up and configure automation scripts to support our vulnerability management practices
• Document secure coding guidelines and help educate developers on security best practices
• Evaluate and recommend new security tools as the landscape evolves
Job Requirements
- 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role
- Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)
- Familiarity with CI/CD pipelines and GitHub Actions
- Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them
- Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)
- Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings
- Strong written communication skills for documentation and customer-facing security responses
- Self-motivated and able to manage competing priorities in a fast-paced environment.
Benefits
- Medical benefits
- Financial benefits
