Company hidden
15 hours ago

Product Security Engineer (Cybersecurity)

$175,000 - $210,000
Work format: onsite
Employment type: fulltime
Grade: senior
English: b2
Country: US

Job description

TL;DR

Product Security Engineer (Cybersecurity): Building and embedding security deeply into how Gecko designs, builds, deploys, and operates software, with an emphasis on the secure development lifecycle, cloud-native architectures, and application security. Focus on leading threat modeling, incident response, and ensuring compliance with frameworks like ISO 27001 and SOC 2.

Location: On-site in New York City, Washington, D.C., or Boston, USA. This is an office-first culture.

Salary: $175K–$210K

Company

hirify.global helps the world’s most important organizations ensure the availability, reliability, and sustainability of critical infrastructure by combining wall-climbing robots, industry-leading sensors, and an AI-powered data platform.

What you will do

  • Design, implement, and evolve Gecko’s Secure Development Lifecycle (SDL) across design, build, test, deploy, and operate, embedding security into CI/CD pipelines.
  • Perform hands-on secure code reviews (Python, TypeScript, CloudFormation/Terraform) and identify and remediate vulnerabilities across APIs, services, auth flows, and data access.
  • Secure cloud-native architectures (IAM, networking, storage, compute, CI/CD) and partner with platform teams to harden baseline infrastructure.
  • Lead threat modeling for new systems, features, and integrations, reviewing system and data flow architectures for security risks and influencing design decisions early.
  • Partner with SOC and engineering teams to lead incident response, supporting investigations, containment, and post-incident reviews while improving logging, detection, and security telemetry.
  • Map technical controls to compliance frameworks (ISO 27001, SOC 2, NIST 800-53, FedRAMP, IL-4, IL-5) and automate audit evidence generation.
  • Create practical security guidance, tooling, and internal documentation, delivering targeted technical training for engineers to scale adoption.

Requirements

  • 6+ years of experience in application security or a related role.
  • Bachelor’s in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
  • Strong understanding of security protocols, cryptography, and application security frameworks (e.g., OWASP).
  • Proficient in security testing tools (e.g., Burp Suite, OWASP ZAP) and methods.
  • Experience with programming languages such as Java, Python, or C++.
  • Familiarity with various operating systems and datastores.
  • Familiarity with security best practices and frameworks (e.g., NIST, ISO 27001, SOC 2).
  • Experience with Cloud architectures and design patterns (GCP experience is a plus).

Nice to have

  • Experience in robotics, industrial systems, or safety-critical environments.
  • Experience supporting DoD or regulated defence customers.
  • Red team or offensive security background.
  • Experience building SDLs from scratch or maturing them significantly.

Culture & Benefits

  • Competitive compensation packages, company equity, and 401(k) matching.
  • Gender-neutral parental leave, full medical, dental, and vision insurance.
  • Mental health and wellness support, ongoing professional development, and family planning assistance.
  • Flexible paid time off.
  • Office-first culture with an understanding that occasional remote work may be needed.
  • Commitment to creating a culture of inclusion and belonging, and proud to be an equal opportunity employer.

The job posting text is reproduced without changes.