Product Security Engineer (PSIRT)

TL;DR

Product Security Engineer (PSIRT): Leading the vulnerability response program for hirify.global's cloud-native AI platform with an accent on vulnerability intake, triage, validation, and remediation coordination. Focus on designing and evolving bug bounty programs, managing coordinated disclosure, and ensuring quick and responsible vulnerability fixes.

Location: Hybrid in Foster City, CA (in-office Monday, Wednesday, and Friday)

Salary: $180,000–$280,000

Company

hirify.global is an agentic software creation platform that enables anyone to build applications using natural language, democratizing software development for millions of users worldwide.

What you will do

• Manage vulnerability intake from various sources including bug bounty platforms, customer reports, and automated scanners.
• Independently validate, reproduce, severity-score, and document security findings.
• Coordinate with Engineering, SecOps, IT, SRE, and Cloud Security teams to drive remediation and track SLAs.
• Design and evolve the bug bounty program, including scope, rules, and reward structures.
• Communicate clearly with researchers, provide clarifications, and determine reward payouts.
• Lead the coordinated vulnerability disclosure process and manage CVE assignments and publications.

Requirements

• Experience running or triaging for bug bounty programs (HackerOne ideally).
• Strong ability to triage, validate, and reproduce vulnerabilities independently.
• Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, and authentication/authorization issues.
• Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
• Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.
• Must work in Foster City, CA, with an in-office requirement of Monday, Wednesday, and Friday.

Nice to have

• Scripting or automation experience (Python, Go, Bash).
• Pentesting background or exposure to offensive security work.
• Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
• Experience authoring public advisories or CVE writeups.
• Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

Culture & Benefits

• Competitive salary and equity with a 401(k) program.
• Comprehensive health, dental, vision, and life insurance, plus disability coverage.
• Paid parental, medical, and caregiver leave.
• Commuter benefits, monthly wellness stipend, and in-office set-up reimbursement.
• Flexible time off (FTO) + holidays and quarterly team gatherings.
• Autonomous work environment and in-office amenities.