Company hidden
5 days ago

Product Security Engineer (Node.js)

208 000 - 312 000$
Work format
remote/hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
UK/US/Germany
Job description

TL;DR

Product Security Engineer (Node.js): Driving critical product security initiatives across hirify.global’s products and platform, with an emphasis on threat modeling, open-source software security, and secure code review. Focus on integrating security into the SDLC, managing bug bounty programs, and ensuring the security of serverless infrastructure.

Location: Remote if beyond commuting distance to San Francisco, New York, London, or Berlin; otherwise hybrid with in-office anchor days on Monday, Tuesday, and Friday.

Salary: $208,000 - $312,000 (San Francisco base pay)

Company

hirify.global is an agentic infrastructure company providing a platform for developers and agents to ship high-performance web products, including the team behind Next.js, v0, and AI SDK.

What you will do

  • Perform threat modeling and design reviews for new and existing features to mitigate risks early in the design phase.
  • Conduct secure code reviews for products and services built with Next.js, Node.js, and serverless backends.
  • Oversee open-source security efforts, monitoring third-party packages and ensuring the security of projects hirify.global maintains.
  • Evaluate and integrate security tools (SAST, DAST, secret detection) into CI/CD pipelines and GitHub workflows.
  • Own and expand the bug bounty program, triaging reports and coordinating remediation across teams.
  • Lead cross-organizational security projects and collaborate with customer success on security documentation and audits.

Requirements

  • 5+ years of experience in Product Security or a related field with a track record of securing web products.
  • Proficiency in JavaScript, TypeScript, and Node.js runtime security, with experience in modern web frameworks like Next.js or React.
  • Demonstrated ability to perform threat modeling and integrate security into a fast-paced SDLC.
  • Hands-on experience with product security tooling such as SAST, DAST, and dependency vulnerability scanners.
  • Knowledge of open-source supply chain security and experience handling vulnerability advisories.
  • Solid understanding of cloud architecture and serverless environments from a security perspective.

Nice to have

  • Prior software development experience as a frontend or backend engineer.
  • Relevant security certifications such as OSCP, OSWE, or CISSP.
  • Experience with policy-as-code or infrastructure-as-code security (e.g., Open Policy Agent, Terraform).
  • Active participation in the security community or contributions to open-source security projects.

Culture & Benefits

  • Competitive compensation package including equity.
  • Inclusive healthcare package.
  • Mentorship and budgets for professional events and skill development.
  • Flexible time off.
  • Provision of necessary gear and a WFH budget for home office setup.
