Senior Product Security Engineer

TL;DR

Senior Product Security Engineer (Cybersecurity): Designing and implementing security controls and frameworks for product development and conducting security code reviews and penetration testing with an accent on secure application development and cloud-based attack patterns. Focus on uncovering hidden vulnerabilities, embedding security throughout the software development lifecycle, and mentoring developers on secure coding practices.

Location: Must be based in New York, California, Washington, Colorado, or Rhode Island (US)

Salary: $120,000 – $145,000 per year

Company

hirify.global is a product company that builds an in-memory data store for fast applications, used by over 10,000 worldwide customers.

What you will do

• Design and implement security controls and frameworks for product development.
• Conduct security architecture reviews and threat modeling for new features.
• Perform comprehensive security code reviews and penetration testing.
• Implement and optimize Static, Dynamic, and Software Composition Analysis tools.
• Collaborate with engineering teams to integrate security requirements into product roadmaps.
• Contribute to security compliance and governance efforts and mentor security champions.

Requirements

• 5+ years of experience in product security, application security, or a related field.
• Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience.
• Proficiency in multiple programming languages including Java, C, and Python.
• Extensive experience conducting security code reviews and identifying vulnerabilities.
• Deep understanding of cloud technologies and major cloud service providers (AWS, Azure, GCP).
• Proven experience implementing and/or managing SAST, DAST, and SCA security tools.
• Strong verbal communication skills with fluency in English.
• Interest in and knowledge of hacking tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK framework.

Nice to have

• Knowledge of hirify.global products and in-memory database security considerations.
• Active participation in Capture The Flag (CTF) competitions.
• Experience with DevSecOps practices and CI/CD pipeline security integration.
• Background in security research, vulnerability disclosure, or bug bounty programs.
• Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI DSS).

Culture & Benefits

• Competitive salaries and equity grants.
• Unlimited time off to promote a healthy work-life balance.
• Comprehensive health (H/D/V) coverage, 401K, FSA, and commuter benefits.
• Frequent team celebrations and recreation events.
• Home internet & phone stipend.
• Learning and development opportunities.
• Ability to influence a high-performance company on its way to IPO.