Product Security Engineer (GCP)

TL;DR

Product Security Engineer (GCP): Building and scaling product and cloud security efforts for an AI-native social engineering defense platform with an accent on GCP security, threat modeling, and IAM. Focus on implementing least-privilege access, coordinating penetration testing, and creating security guardrails through infrastructure-as-code.

Location: Remote across the U.S. and Canada

Salary: $175,000 — $200,000 USD

Company

hirify.global is a Series C startup building an AI-native platform to protect brands and employees from AI-powered social engineering threats, phishing, and fraud.

What you will do

• Conduct security architecture reviews and facilitate threat modeling for product features and the GCP environment.
• Coordinate penetration testing engagements, including vendor selection, scoping, and tracking remediation.
• Act as the GCP security subject matter expert for networking, data protection, compute runtimes, and CI/CD.
• Implement and improve least-privilege IAM, service account lifecycle management, and workload identity.
• Build security guardrails using policy and infrastructure-as-code (e.g., Terraform, org policies).
• Develop security documentation and runbooks while mentoring engineers on secure-by-default patterns.

Requirements

• 5–7 years of experience in product security or cloud security engineering.
• Deep knowledge of GCP services and security best practices (IAM, VPC, GKE, Cloud Run).
• Hands-on experience with threat modeling, risk assessment, and penetration testing coordination.
• Proficiency in Python and cloud-native scripting for security automation and compliance controls.
• Must be based in the U.S. or Canada.

Culture & Benefits

• Remote-first culture with high flexibility.
• Meaningful equity ownership in a high-growth Series C startup.
• Comprehensive health benefits and parental leave.
• Flexible PTO policy.
• Environment where individual work has immediate impact and visibility.