Senior Product Security Engineer

September 20

Apply Now

Receive Emails with Similar Jobs

LaunchDarkly

WebsiteLinkedInAll Job Openings

SaaS • Enterprise

LaunchDarkly is a software company offering a platform for feature management and experimentation. Its solutions allow developers to control software releases through feature flags, enabling safeguarded and progressive rollouts. The platform integrates with various developer tools and supports multiple programming languages to streamline deployment and improve the developer experience. LaunchDarkly's solutions cater to industries including financial services, healthcare, high tech, retail, and government, among others, providing a robust infrastructure that aids in delivering customized and targeted user experiences.

201 - 500 employees

Founded 2014

☁️ SaaS

🏢 Enterprise

💰 $200M Series D on 2021-08

📋 Description

• Ensure the safety of customers' data and the resilience of LaunchDarkly’s platform • Serve as a senior advisor to Product and Engineering teams, providing expert guidance on secure design, architecture, and implementation • Lead complex security reviews for new products, features, and integrations, identifying risks early and building resilient solutions • Drive and own cross-functional security initiatives (e.g., secure development standards, dependency management, bug bounty program management, threat modeling exercises) • Anticipate and address emerging risks, prioritize and remediate critical vulnerabilities • Mentor other engineers, security champions, and stakeholders to raise LaunchDarkly’s overall security posture • Partner with Security leadership to develop security metrics, reporting, and strategy • Act as a key contributor to incident response, root cause analysis, and lessons-learned activities • Represent security in cross-organizational forums, influencing product roadmaps and technical direction • Report to the Director of Security and collaborate with software engineers, product managers, and other security engineers to reduce platform risk

🎯 Requirements

• Have 5+ years of experience in application security, product security, or a related role • Have strong software engineering skills and can write & review secure, maintainable code in at least one modern programming language (e.g., Go, Python, JavaScript/TypeScript) • Can demonstrate proactive approaches to security that have effectively improved team productivity by reducing reactive work • Know how to effectively integrate security into the software development lifecycle, including build pipelines and developer tooling • Have experience with leveling up other engineering teams by improving their security awareness and practical skills that help to avoid security bugs in production • Communicate clearly and work effectively across teams, building relationships and collaborating with product managers, developers, and infrastructure teams • Are self-directed and comfortable in fast-moving or ambiguous environments — you can identify problems and lead the way to solve them • Ready to jump into an active product & application security program with a great team, looking for ways to support existing team members and innovate the program further • Have experience securing cloud-native applications (especially on AWS), including modern infrastructure-as-code, microservices, and service mesh environments • Understand the types of security issues common in SaaS platforms (e.g., SSRF, IDOR, SQL injection, XSS, etc.) and know how to discover them early and address the root causes • Familiar with common security frameworks (e.g. OWASP Top 10, CWE Top 25, CIS Critical Security Controls, BNGO Framework, MITRE ATT@CK Framework)

🏖️ Benefits

• Restricted Stock Units (RSUs) • Health insurance • Vision insurance • Dental insurance • Mental health benefits • Pay transparency about target pay ranges • Remote work (Remote - US) • Disability accommodation via accommodations request form