Staff Software Engineer, Product Security

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Staff Software Engineer, Product Security in the United States.

In this role, you will ensure the security and integrity of software products by guiding development teams to adopt secure design practices and proactively mitigating vulnerabilities. You will perform security assessments across web, mobile, and internal applications, helping engineers identify and eliminate potential threats. Your work will involve threat modeling, code review, and the implementation of security programs to protect sensitive data. You will mentor junior engineers, automate processes to scale security efforts, and represent product security initiatives internally and externally. This role blends hands-on technical expertise with strategic oversight, allowing you to shape the security posture of high-impact, widely used applications while fostering a culture of security awareness.

Accountabilities:

• Conduct security assessments for web applications, native clients, internal services, and partner applications.
• Provide security-focused guidance throughout the software development lifecycle to development teams.
• Identify emerging vulnerabilities and implement strategies to prevent systemic security issues.
• Perform threat modeling, secure code reviews, and vulnerability analysis across multiple platforms.
• Maintain and develop secure development practices and training programs for engineers.
• Mentor junior team members to scale the impact of the security function.
• Represent the product security team internally and externally through presentations and engagement.

Requirements

• Bachelor’s degree in Computer Science, Engineering, or related field, or equivalent experience.
• Experience in security testing of web and mobile applications, including Electron, iOS, and Android apps.
• Strong understanding of web application architecture and secure design principles.
• Proficiency in manual code review and familiarity with languages such as JavaScript, Java, Python, Ruby, PHP, or HackLang.
• Experience with security testing tools for DAST, SAST, and IAST analysis (e.g., Burp Suite, Snyk, Semgrep).
• Knowledge of authentication protocols (SAML, OAuth) and common security vulnerabilities (OWASP, SANS).
• Strong communication skills, with ability to deliver constructive feedback empathetically.
• Threat modeling experience using STRIDE or similar frameworks; familiarity with AWS services is a plus.
• Security certifications or training (e.g., SANS GWAPT, OSCP, OSWE) are preferred; AI security testing experience is a plus.

Benefits

• Competitive base salary (ranges vary by location: $192,200 – $334,600).
• Comprehensive medical, dental, and vision coverage.
• Paid time off, flexible work arrangements, and holidays.
• 401(k) retirement plan and Employee Stock Purchase Program.
• Life and disability insurance, mental health support, and wellness programs.
• Professional development opportunities, including public speaking and research participation.
• Remote work flexibility to support work-life balance.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.

The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are handled by their internal hiring team.

Thank you for your interest!

#LI-CL1