Staff Product Security Engineer

Emploi pas sur LinkedIn

🕒 il y a 1 mois

🇺🇸 États-Unis – Télétravail

⏰ Temps Plein

🔴 Expert

👮‍♂️ Cybersécurité / Ingénieur Sécurité

🦅 Parrain de Visa H1B

Cette entreprise a parrainé des visas H1B par le passé.

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Cherry

Site WebLinkedInTous les Emplois

201 - 500 employés

Fondée en 2019

💳 Fintech

🤝 B2B

Fintech • B2B

CHERRY est un leader mondial dans le développement et la fabrication de dispositifs d'entrée de haute qualité et de solutions technologiques, spécialisé dans les claviers, souris et accessoires connexes pour les environnements de jeu et de bureau. Avec un accent prononcé sur la conception ergonomique, la technologie de commutation mécanique, et l'hygiène, CHERRY fournit également des solutions sur mesure pour des secteurs comme le médical, où ils offrent des claviers et terminaux désinfectables. Leur engagement envers l'innovation et la qualité a établi CHERRY comme une référence fiable pour les produits destinés aussi bien aux consommateurs qu'aux professionnels.

Description

• Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform. • Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes. • Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products. • Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security. • Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks. • Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities. • Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection. • Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence. • Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization. • Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.

🎯 Exigences

• 5+ years of experience in product security, application security, or a related security engineering role. • Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management. • Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code. • Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation. • Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines. • Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders. • Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment. • Nice to Have: Penetration testing experience, familiarity with payment industry security, experience at a FinTech, healthcare technology, or other regulated-industry company.

🏖️ Avantages

• Competitive Base + Bonus • Generous equity grant • Medical, vision, and dental benefits • Fully remote company • Flexible PTO