Product Security Engineer

🕒 May 6

ShopBack

501 - 1000 employees

Founded 2014

🛍️ eCommerce

👥 B2C

💳 Fintech

💰 $40M Series F on 2022-12

ShopBack is an online shopping platform that rewards customers for their purchases. By using the ShopBack app or browser extension, users can discover the best prices and offers, pay easily with e-payment methods, and receive cashback rewards. ShopBack partners with over 20,000 online and physical stores and is available in 12 markets including Australia, Germany, Hong Kong, and more. The platform has awarded over US$475 million in cashback to its 45 million users. It offers popular features such as cashback, payments, and vouchers, making it a favorite for shoppers looking to maximize their savings.

📋 Description

• Partner directly with engineering, SRE, and platform teams to build security into every phase of the software development lifecycle, from design through production.
• Own threat modeling and secure design reviews for new features, lead vulnerability analysis and secure code reviews across our microservices and mobile applications, and help mature our AI-first security tooling.
• Run and improve ShopBack's vulnerability management program, prioritizing findings using EPSS, CISA KEV, and business context, and driving time-to-remediation through automation and partnership with engineering teams.
• Support incident response for product security incidents, including blast radius analysis, root cause analysis, variant hunting, and post-incident hardening.
• Partner with compliance on evidence and controls for multiple audits, bridging engineering reality with audit requirements.

🎯 Requirements

• 3 to 4 years of hands-on product or application security experience — including securing cloud-native, microservices, and mobile applications in production environments.
• Strong threat modeling skills — practiced with STRIDE, attack trees, or equivalent frameworks.
• Design review depth — able to read an architecture diagram or PRD and identify weak authentication, authorization gaps, data exposure risks, insecure integrations, and systemic issues.
• Vulnerability analysis and secure code review — proficient reviewing code (Node.js/TypeScript, Python, Go, or similar) for OWASP Top 10, business logic flaws, authz issues, and supply chain risks.
• Programming proficiency — at least one of Python, TypeScript/Node.js, or Go.
• Genuine fluency with modern AI tooling — you use LLMs, coding agents, and MCP-based tooling in your day-to-day security work.
• Understanding of AI/ML security risks — prompt injection, data exfiltration via agents, insecure tool use, model supply chain, and related attack classes.
• Builder mindset for AI-first security — excited by the idea of architecting security workflows with AI as a first-class capability.
• Learning to Execution Mentality — keep up with the next-gen technology being released, cutting the noise and clutter, and applying those insights into tooling and processes.
• Pragmatic and high-signal — focus on high-severity, high-impact findings and are allergic to low-severity noise.
• Strong written communication — reduce a complex finding to a crisp risk statement, a clear recommendation, and a realistic remediation path for a busy engineering team.
• Collaborative by default — drive outcomes through partnership with engineering, not gatekeeping.
• Comfortable with ambiguity and ownership.

🏖️ Benefits

• Competitive compensation based on your performance.
• Career progression paths and opportunities to take on greater challenges that help you realise your ambitions.
• Candid, open, and collaborative culture where feedback is valued, for everyone to grow and improve every day.
