Senior Staff Product Security Engineer

Company

medallia

Role

Senior Staff Product Security Engineer

Job type

Full-time

Found on Mokaru

Yesterday

Salary

Not disclosed by employer

Job description

Overview

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike.

We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees.

We empower exceptional people to create extraordinary experiences together.

Bring your whole self.

The Role and Team

We are seeking a highly experienced Senior Staff Product Security Engineer to lead strategic security initiatives across our product portfolio. This individual will serve as a technical leader and trusted advisor to engineering, product, architecture, and security leadership teams, driving security by design throughout the software development lifecycle.

The ideal candidate combines deep technical expertise with strong influence, enabling security outcomes across multiple organizations without direct authority. They will identify systemic risks, develop scalable security solutions, and help shape the long-term security strategy for our products and platforms.

Responsibilities

Technical Leadership

  • Define and drive the product security vision, strategy, and roadmap across multiple product lines.
  • Lead complex security initiatives that improve the overall security posture of the organization.
  • Act as the senior technical authority for application, cloud, platform, and AI security matters.
  • Provide architectural guidance on security-critical product and platform designs.
  • Partner with engineering leaders to embed security into development processes and engineering culture.

Security Engineering & Architecture

  • Conduct security architecture reviews and threat modeling for critical products and services.
  • Evaluate and mitigate risks associated with cloud-native architectures, microservices, APIs, mobile applications, and AI/ML systems.
  • Develop security patterns, standards, and reference architectures that scale across the organization.
  • Drive secure-by-default engineering practices and automation.

Vulnerability & Risk Management

  • Lead identification, prioritization, and remediation strategies for security vulnerabilities.
  • Establish risk-based approaches for vulnerability management and technical debt reduction.
  • Guide incident investigations involving product security vulnerabilities.
  • Provide executive-level recommendations on security risks and remediation priorities.

Security Automation & Tooling

  • Champion adoption and optimization of security tooling including: SAST, SCA, Secrets Detection, DAST, Container Security, Cloud Security, ASPM Platforms.
  • Drive automation to reduce manual security review efforts and improve developer experience.
  • Define security metrics and reporting that demonstrate program effectiveness.

Emerging Technologies & AI Security

  • Lead security assessments and governance efforts for GenAI, LLM, AI agents, MCP integrations, and emerging technologies.
  • Establish secure development standards for AI-enabled products.
  • Evaluate new technologies and provide guidance on associated security risks.

Cross-Functional Influence

  • Partner closely with Engineering, Product Management, Legal, Privacy, Compliance, and Operations teams.
  • Influence technical direction across organizations through expertise and relationship-building.
  • Mentor Staff and Senior Engineers, helping develop the next generation of security leaders.
  • Represent Product Security in executive reviews, customer discussions, and strategic planning sessions.

Candidates based in the Buenos Aires vicinity will be prioritized as this role is Hybrid, 3 days per week onsite.

Qualifications

Minimum Qualifications

  • 12+ years of experience in application security, product security, security engineering, or related fields.
  • Proven experience operating at Staff or Senior Staff level within a technology organization.
  • Demonstrated expertise in:
      • Secure Software Development Lifecycle (SSDLC)
      • Application Security
      • Cloud Security (AWS preferred)
      • Threat Modeling
      • Security Architecture Reviews
      • Vulnerability Management
      • Secure Coding Practices
  • Experience securing modern architectures including: APIs, Microservices, Kubernetes, Containers, Serverless platforms.
  • Demonstrated knowledge of security frameworks and standards such as: OWASP, NIST, SOC 2, ISO 27001, PCI DSS.
  • Experience building or scaling security programs across multiple engineering organizations.
  • Demonstrated ability to engage engineers, executives, and customers.
  • Professional working proficiency in written and spoken English.

Preferred Qualifications

  • Experience securing AI/ML systems, GenAI applications, AI agents, or LLM-based platforms.
  • Experience with security automation and developer security platforms.
  • Familiarity with cloud-native security technologies and zero-trust architectures.
  • Experience supporting customer security reviews and security escalations.
  • Security certifications such as CISSP, CSSLP, GIAC, AWS Security Specialty, or equivalent.

Success Measures

Within the first year, this individual will

  • Drive measurable reduction of security risk across the product portfolio.
  • Improve security automation and developer adoption of security controls.
  • Establish scalable security patterns that are adopted across engineering teams.
  • Influence strategic product and platform decisions through security expertise.
  • Mentor and elevate security engineering talent across the organization.
  • Strengthen security culture by enabling engineering teams to build secure products by default.

Leadership Expectations

A Senior Staff Product Security Engineer is expected to

  • Think beyond individual projects and solve systemic problems.
  • Influence without authority across organizations.
  • Lead through technical excellence and sound judgment.
  • Balance security, business objectives, and engineering velocity.
  • Create durable solutions that scale across teams and products.
  • Serve as a role model for engineering excellence, collaboration, and ownership.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age (40 and over), disability, genetic information, veteran status or military service, or any other status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.

