Product Security Engineer

🕒 January 26

🗽 New York – Remote

🗽 New York – Remote

💵 $170k - $200k / year

⏰ Full Time

🟢 Junior

🟡 Mid-level

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Movable Ink

WebsiteLinkedInAll Job Openings

501 - 1000 employees

🤝 B2B

☁️ SaaS

🥽 AR/VR

💰 $55M Series D on 2022-04

B2B • SaaS • AR/VR

Movable Ink is a leader in personalized marketing, utilizing AI and automation to deliver tailored content to customers across various touchpoints, such as email and mobile. Their solutions, including the Movable Ink Studio and Da Vinci, empower retail, financial services, media organizations, and travel & hospitality sectors by transforming data into unique customer experiences in real-time. The company collaborates with a vast network of strategic partners, enhancing existing marketing technologies to achieve remarkable revenue and customer engagement. Movable Ink's expertise is endorsed by studies, such as the Forrester Consulting Total Economic Impact™ study, highlighting significant financial benefits for users. Through their innovative use of AI, Movable Ink drives next-level personalization and marketing performance.

📋 Description

• Implement and maintain static application security testing (SAST) using Semgrep across our repositories • Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies • Manage secrets detection scanning (Trufflehog) and respond to findings • Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged • Triage and prioritize vulnerability findings, working with engineering teams to drive remediation • Support dynamic application security testing (DAST) efforts using tools like ZAP • Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation • Set up and configure automation scripts to support our vulnerability management practices • Document secure coding guidelines and help educate developers on security best practices • Evaluate and recommend new security tools as the landscape evolves

🎯 Requirements

• 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role • Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar) • Familiarity with CI/CD pipelines and GitHub Actions • Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them • Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred) • Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings • Strong written communication skills for documentation and customer-facing security responses • Self-motivated and able to manage competing priorities in a fast-paced environment.

🏖️ Benefits

• Medical benefits • Financial benefits