Company hidden
18 hours ago

Product Security Engineer (PSIRT)

180 000 - 325 000$
Work format
hybrid
Employment type
fulltime
Grade
senior
English
c1
Country
US

Job description

TL;DR

Product Security Engineer (PSIRT): Managing the vulnerability response lifecycle for a cloud-native AI platform, with an emphasis on triage, validation, and coordinated disclosure. The role focuses on reproducing complex vulnerabilities, managing bug bounty programs, and coordinating remediation across engineering teams.

Location: Hybrid (Foster City, CA) — In office Monday, Wednesday, and Friday

Salary: $180,000 – $325,000 + Equity

Company

hirify.global is an agentic software creation platform that enables anyone to build applications using natural language.

What you will do

  • Manage vulnerability intake and triage via bug bounty platforms (HackerOne), customer reports, and automated scanners.
  • Independently validate, reproduce, and severity-score security findings.
  • Coordinate remediation efforts with Engineering, SecOps, SRE, and Cloud Security teams.
  • Design and evolve the bug bounty program, including scope, reward structures, and community engagement.
  • Lead the coordinated vulnerability disclosure process and manage CVE assignments and public advisories.

Requirements

  • Experience running or triaging for bug bounty programs (ideally HackerOne).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of OWASP Top 10, web/app/cloud vulnerability classes, and authN/Z risks (OAuth, OIDC).
  • Familiarity with GCP and SaaS architectures.
  • Understanding of CI/CD workflows and software engineering fundamentals.
  • Must be based in or able to work from Foster City, CA (Hybrid).

Nice to have

  • Scripting or automation experience in Python, Go, or Bash.
  • Background in pentesting or offensive security.
  • Familiarity with SOC 2 and ISO 27001 compliance frameworks.
  • Experience authoring public advisories or CVE writeups.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

Culture & Benefits

  • Competitive salary and equity.
  • 401(k) program with a 4% match.
  • Comprehensive health, dental, vision, and life insurance.
  • Paid parental, medical, and caregiver leave.
  • Flexible Time Off (FTO), quarterly team gatherings, and commuter benefits.
  • Autonomous work environment with a monthly wellness stipend.
