Security Engineer III, Product AppSec

#LI-JC2 #LI-REMOTE

About the Role

We're looking for a Product Security Engineer to strengthen and scale secure software development practices across cloud-native, enterprise, and AI-enabled product environments. You'll work closely with Product Security, Engineering, DevOps, and Platform teams to identify, prioritize, and remediate vulnerabilities throughout the software development lifecycle. This role is ideal for someone passionate about application security, developer enablement, and building scalable security processes that integrate naturally into engineering workflows.

Due to the fact that this position will deal with highly sensitive data and will support federal customers, we are only considering US citizens at this time. Security clearance is not required, but there is a slight chance it maybe requested in the future

What You’ll Do

• Monitor, assess, and manage security risks related to open-source software dependencies, CVEs, and third-party components
• Triage and validate vulnerabilities across applications, containers, infrastructure, and dependencies — prioritizing by exploitability, exposure, and business impact
• Coordinate patch management initiatives and support automated patch deployment workflows with Release Engineering and DevOps teams
• Support and expand the Security Champion program, partnering with developers to improve secure coding awareness and adoption
• Integrate security controls into CI/CD pipelines and automate vulnerability scanning, dependency analysis, and security reporting
• Develop playbooks, documentation, and educational materials that promote self-service security within engineering teams
• Contribute to threat modeling, secure architecture discussions, and continuous improvement of secure SDLC processes

Technologies You’ll Work With

• SCA and vulnerability scanning platforms: Snyk, Mend, Dependabot, GitHub Advanced Security, Veracode, Checkmarx
• Cloud and container security: Wiz, Prisma Cloud, Docker, Azure
• CI/CD platforms and DevOps toolchains
• SBOM generation tools, artifact repositories, and package signing technologies
• Scripting and automation: Python, Bash, PowerShell, YAML

What You’ll Bring

• 5+ years of experience in Product Security, Application Security, DevSecOps, or Vulnerability Management
• 3+ years of hands-on experience with application security testing tools (SAST, DAST, SCA)
• 2+ years in vulnerability management, including triage, SLA tracking, and remediation coordination
• Familiarity with CVEs, CVSS scoring, SBOM concepts, and software supply chain security
• Experience with CI/CD platforms, modern DevOps workflows, and cloud-native technologies
• Bachelor's degree in Computer Science, Engineering, or equivalent experience

Bonus Skills

• Experience participating in or managing Security Champion programs
• Knowledge of OWASP Top 10 and secure coding practices for cloud-native and enterprise products
• Familiarity with IaC, regulated environments, and compliance-driven security activities
• Relevant certifications such as CSSLP, GWEB, CCSP, OSCP, or GPEN