Senior Product Security Engineer (Cloud)

TL;DR

Senior Product Security Engineer (Cloud/SaaS): Driving critical product security initiatives across hirify.global’s products and platform with an accent on threat modeling, open-source software security, and SDLC tooling. Focus on securing core infrastructure built with Next.js and Node.js, managing bug bounty programs, and embedding security into the development lifecycle.

Location: Remote (Global). Hybrid options (anchor days) available for those within commuting distance of San Francisco, New York, London, or Berlin.

Salary: $196,000 – $294,000 (SF base pay)

Company

hirify.global provides developers with cloud infrastructure and tools like Next.js and v0 to build and scale the AI-native web.

What you will do

• Perform threat modeling and design reviews for new and existing features to identify risks and recommend security controls.
• Conduct secure code reviews and security assessments for products built with Next.js, Node.js, and serverless backends.
• Manage open-source security, coordinating fixes for third-party dependencies and ensuring the security of maintained projects.
• Implement automated security checks (SAST, DAST, GHAS) directly into CI/CD pipelines and GitHub workflows.
• Own and expand the bug bounty program, triaging vulnerability reports and coordinating remediation efforts.
• Lead cross-organizational security projects and provide expertise for customer-facing security documentation.

Requirements

• 5+ years of experience in Product Security or a related field.
• Proficiency in JavaScript, TypeScript, and Node.js runtime security.
• Expertise in threat modeling and integrating security into a fast-paced SDLC.
• Hands-on experience with product security tooling (SAST, DAST, dependency scanning).
• Solid understanding of cloud architecture and serverless environment security.
• Proven ability to drive security initiatives and influence engineering teams.

Nice to have

• Prior software development experience as a frontend or backend engineer.
• Relevant certifications such as OSCP, OSWE, or CISSP.
• Experience with policy-as-code or infrastructure as code security (e.g., OPA, Terraform).
• Active participation in the security community or contributions to open-source security projects.

Culture & Benefits

• Competitive compensation package including equity.
• Inclusive healthcare package.
• Professional growth through mentorship and funding for networking events.
• Flexible time off and a WFH budget for home office equipment.