Senior Product Security Engineer

🕒 8 days ago

🇺🇸 United States – Remote

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

🗣️🇺🇸🇬🇧 English required

BeyondTrust

1001 - 5000 employees

Founded in 1985

🔒 Cybersecurity

💰 Private Equity Round in 2021-05


BeyondTrust is a company specializing in cybersecurity solutions. It designs products and services aimed at protecting organizations against internal and external threats. Its solutions rely in particular on Privileged Access Management (PAM) to secure and manage the identities and credentials of users accessing critical systems and data.

Description

• Build and maintain the product security tooling pipeline integrated across the software development lifecycle. Implement and tune Claude Code Security, Codex Security, GitHub Advanced Security (code scanning, secret scanning, Dependabot), and Wiz CLI across repositories and CI/CD pipelines. Own the configuration, policy enforcement, and continuous improvement of these tools so engineering teams get accurate, actionable security feedback at the speed of development.
• Design and operate automated product security review workflows with human-in-the-loop checkpoints. Use Claude and LLM platforms to automate initial review triage, risk classification, and recommendation generation, escalating to Security Architects or senior engineers for decisions that require judgment. The goal is every change gets appropriate security review coverage without manual review becoming the bottleneck.
• Ensure security tooling integrates cleanly into engineering workflows: GitHub PRs, CI/CD pipelines, IDE plugins, and developer dashboards. Reduce false positives, tune rulesets to the product's actual risk profile, and build feedback loops so findings improve over time. You own the engineering experience of security tooling. When a developer interacts with a security gate, it should be clear, fast, and useful.
• Leverage Claude Code Security, Codex Security, and LLM platforms to build automation that scales security engineering. This includes automated code review triage, vulnerability pattern detection, fix suggestion generation, policy-as-code enforcement, and security review summarization. Contribute reusable prompts, skills, and plugins back to the Product Security team's shared library.
• Support product incident response alongside the Product Security team. Help investigate security incidents affecting products, scope impact, coordinate with engineering on emergency fixes, and contribute to root cause analysis and post-incident improvements.
• Work closely with Security Testers to ensure scanning and automated tooling feed validated findings into their workflow. Partner with Architects on translating secure design standards into enforceable pipeline policies. Coordinate with the TPM on tracking and reporting for tooling-generated findings. Be the go-to person for engineering teams on security tooling questions, configuration, and troubleshooting.

🎯 Requirements

• 4+ years in Application Security, Product Security, DevSecOps, or Security Engineering with hands-on experience building and operating security tooling in CI/CD pipelines
• Experience implementing and tuning SAST, DAST, SCA, and secret scanning tools in GitHub-integrated environments (GitHub Advanced Security, CodeQL, Dependabot, or equivalent)
• Hands-on experience with AI-powered security tooling such as Claude Code Security, Codex Security, or similar LLM-based code analysis platforms
• Strong understanding of CI/CD pipeline architecture and how security controls integrate without disrupting developer velocity
• Experience building automation workflows: scripting, pipeline configuration, policy-as-code, webhook integrations, and workflow orchestration
• Familiarity with container security scanning tools (Wiz CLI, Trivy, Snyk Container, or equivalent) and cloud security fundamentals (AWS preferred)
• You understand common vulnerability classes well enough to tune tooling, triage findings, and have credible conversations with engineers about severity and remediation
• Strong collaboration skills. You'll work across Security Testers, Architects, TPM, and engineering teams daily and need to communicate effectively with all of them
• Automation-first mindset. You default to building repeatable, scalable workflows and reach for manual processes only when automation genuinely falls short
• Experience with GitHub Advanced Security at scale: CodeQL custom queries, secret scanning custom patterns, and organization-wide rollout
• Background operating Wiz CLI or similar cloud/container security scanning integrated into CI/CD
• Experience supporting product incident response or security incident investigation
• Familiarity with policy-as-code frameworks (OPA/Rego, Kyverno, or similar)
• Background in securing endpoint technologies, identity systems, or enterprise security platforms
• Experience building developer enablement programs, security documentation, or self-service security tooling
• Cloud security experience across AWS, Azure, or Kubernetes environments.

🏖️ Benefits

• Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.
• We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.
