Staff Product Security Engineer

Vaga não está no LinkedIn

🕒 Abril 30

🇺🇸 Estados Unidos – Remoto (EUA)

⏰ Tempo Integral

🔴 Especialista

👮‍♂️ Cibersegurança / Engenheiro de Segurança

🦅 Patrocina Visto H1B

Esta empresa já patrocinou vistos H1B no passado.

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Cherry

SiteLinkedInTodas as Vagas

201 - 500 funcionários

Fundada em 2019

💳 Fintech

🤝 B2B

Fintech • B2B

A CHERRY é líder global no desenvolvimento e fabricação de dispositivos de entrada de alta qualidade e soluções tecnológicas, especializando-se em teclados, mouses e acessórios relacionados para ambientes de jogos e escritório. Com forte ênfase em design ergonômico, tecnologia de switches mecânicos e higiene, a CHERRY também oferece soluções personalizadas para setores como o de saúde, onde disponibilizam teclados e terminais desinfectáveis. Seu compromisso com a inovação e qualidade estabeleceu a CHERRY como um nome confiável para produtos de grau consumidor e profissional.

Descrição

• Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform. • Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes. • Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products. • Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security. • Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks. • Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities. • Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection. • Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence. • Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization. • Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.

🎯 Requisitos

• 5+ years of experience in product security, application security, or a related security engineering role. • Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management. • Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code. • Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation. • Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines. • Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders. • Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment. • Nice to Have: Penetration testing experience, familiarity with payment industry security, experience at a FinTech, healthcare technology, or other regulated-industry company.

🏖️ Benefícios

• Competitive Base + Bonus • Generous equity grant • Medical, vision, and dental benefits • Fully remote company • Flexible PTO