Staff Product Security Engineer

Job not on LinkedIn

🕒 April 30

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Cherry

Cherry

201 - 500 employees

Founded 2019

💳 Fintech

🤝 B2B

Fintech • B2B

Cherry is a fintech platform that provides point-of-sale financing and payment plans for healthcare and veterinary practices, dental clinics, medspas, plastic surgery and dermatology providers. It lets consumers apply in about 60 seconds with an industry-leading approval rate, offers instant funding to practices, and handles repayments directly so providers receive payment within 2-3 business days. Cherry markets zero-interest short-term options (Pay-in-4), longer-term 0% APR promotions for qualifying treatments, reduced merchant fees, and customer support and marketing resources to help practices increase case acceptance and cash flow.

📋 Description

• Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform. • Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes. • Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products. • Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security. • Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks. • Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities. • Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection. • Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence. • Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization. • Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.

🎯 Requirements

• 5+ years of experience in product security, application security, or a related security engineering role. • Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management. • Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code. • Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation. • Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines. • Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders. • Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment. • Nice to Have: Penetration testing experience, familiarity with payment industry security, experience at a FinTech, healthcare technology, or other regulated-industry company.

🏖️ Benefits

• Competitive Base + Bonus • Generous equity grant • Medical, vision, and dental benefits • Fully remote company • Flexible PTO

Apply Now

Similar Jobs

🕒 April 30

Stedi

51 - 200

⚕️ Healthcare Insurance

🔌 API

💳 Fintech

Head of Security managing security functions for a programmable healthcare clearinghouse startup. Overseeing incident readiness, regulatory obligations, and collaboration between teams.

Cloud

🕒 April 30

Reddit, Inc.

501 - 1000

👥 B2C

📱 Media

🌍 Social Impact

Staff Product Security Engineer leading secure development frameworks and driving product security reviews at Reddit. Focused on integrating security into engineering workflows.

JavaScript

Python

TypeScript

Go

🕒 April 30

ASSA ABLOY Opening Solutions

10,000+ employees

🔐 Security

🔧 Hardware

🤝 B2B

As a Product Security and Privacy Architect, you'll lead governance and establish security requirements for HID's security and privacy initiatives. Drive innovation in security architecture while collaborating globally.

Cloud

🕒 April 25

Gainwell Technologies

10,000+ employees

⚕️ Healthcare Insurance

Information Security Advisor ensuring secure computer systems and data protection. Leading audits, investigations, and compliance with security policies in a technology-driven environment.

🕒 April 24

Veeam Software

1001 - 5000

☁️ SaaS

🔒 Cybersecurity

🏢 Enterprise

Sales Specialist focusing on Securiti AI solutions, driving revenue within assigned accounts and collaborating with account executives. Join Veeam, the market leader in data resilience and security posture management.

Cyber Security