Senior Staff Product Security Engineer

🕒 il y a 1 mois

🇺🇸 États-Unis – Télétravail

💵 $180 000 - $240 000 / an

⏰ Temps Plein

🟠 Senior

👮‍♂️ Cybersécurité / Ingénieur Sécurité

🦅 Parrain de Visa H1B

Cette entreprise a parrainé des visas H1B par le passé.

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Greenlight

Site WebLinkedInTous les Emplois

201 - 500 employés

Fondée en 2014

💳 Fintech

📚 Éducation

👥 B2C

💰 €260 000 000 Series D en 2021-04

Fintech • Education • B2C

Greenlight est une entreprise de technologie financière dédiée à fournir des outils et des expériences d'éducation financière pour les familles, en mettant particulièrement l'accent sur les enfants et les adolescents. Elle propose une carte de débit spécialement conçue pour les enfants, soutenue par une application qui permet aux parents de surveiller les dépenses, d'automatiser les allocations et de fixer des objectifs d'épargne. Greenlight facilite une expérience d'apprentissage complète en incorporant la gestion des corvées, des opportunités d'investissement et un jeu éducatif financier qui enseigne des compétences monétaires pratiques. Elle inclut également des fonctionnalités de sécurité telles que le partage de localisation et les alertes de conduite pour garder les familles connectées et en sécurité. Grâce à des partenariats avec des banques, l'application offre divers plans personnalisables qui encouragent des habitudes financières intelligentes dès le plus jeune âge.

Description

• Define and lead the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements. • Serve as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership. • Drive a company-wide culture of security ownership embedding security thinking deeply into the habits of every engineering team. • Architect and continuously evolve a best-in-class Product Security program, spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security. • Lead the design and enforcement of secure development standards across web, mobile, and cloud including secure coding guidelines, IaC policies, and API security frameworks. • Identify and drive resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform. • Lead and mature Greenlight's penetration testing program, both through internal efforts and external vendor partnerships. • Partner with engineering and platform teams to build security-enhancing product features that protect our customers' financial data. • Establish and lead incident response processes for product-level security events, including root cause analysis and systemic remediation. • Evaluate and introduce emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape. • Mentor staff and senior engineers across the security and engineering organizations, raising the overall security engineering capability of the company.

🎯 Exigences

• 12+ years of experience in product security, application security, or a related engineering discipline. • Proven track record of defining and driving security programs at scale across complex, multi-platform environments. • Hands-on experience architecting and implementing security solutions and processes in production environments, enabling engineering teams to build and ship securely at scale. • Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and mobile threat vectors (iOS and Android). • Deep hands-on experience with the full AppSec toolchain: SAST, DAST, IAST, SCA, secrets scanning, and runtime protection. • Strong command of cloud security architecture and controls, particularly in AWS environments. • Experience leading or heavily influencing the security architecture of distributed, microservices-based systems. • Experience in developing and implementing security solutions • Demonstrated ability to build strong cross-functional relationships and influence engineering culture without direct authority. • Exceptional communication skills — you can distill complex security risk into clear, actionable language for engineers, executives, and non-technical stakeholders alike. • Experience operating in regulated industries (e.g. financial services, fintech, healthcare). • Plus: Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent — and/or public code/research. Share your GitHub or any public security work with us! • Plus: Experience building or scaling Product Security programs in high-growth startup environments. • Plus: Familiarity with security tools including Burp Suite, or Kali Linux.

🏖️ Avantages

• Medical, dental, vision, and HSA match • Paid life insurance, AD&D, and disability benefits • Traditional 401k with company match • Unlimited PTO • Paid company holidays and pop-up bonus holidays • Professional development stipends • Mental health resources • 1:1 financial planners • Fertility healthcare • 100% paid parental and caregiving leave, plus cleaning service and meals during your leave • Flexible WFH, both remote and in-office opportunities • Fully stocked kitchen, catered lunches, and occasional in-office happy hours • Employee resource groups