Senior Product Security Engineer

2 days ago

Apply Now

Receive Emails with Similar Jobs

Mirantis

WebsiteLinkedInAll Job Openings

Cloud Computing • Enterprise • SaaS

Mirantis is a company that specializes in container management and cloud infrastructure solutions. It offers a range of products, including Mirantis Kubernetes Engine (MKE), Mirantis OpenStack for Kubernetes (MOSK), and Mirantis Container Cloud (MCC), which provide enterprise-level Kubernetes and container management platforms. Mirantis also develops tools for secure software supply chains, such as the Mirantis Container Runtime (MCR) and Mirantis Secure Registry (MSR). As an advocate for open source technologies, Mirantis supports various projects and provides resources like Lens Desktop, a popular Kubernetes IDE, and technical support for enterprises adopting cloud-native technologies. Their solutions cater to sectors such as public services, financial services, and broader SaaS and technology services industries.

501 - 1000 employees

🏢 Enterprise

☁️ SaaS

📋 Description

• Secure Products & Infrastructure: Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines to align with internal security standards and regulatory frameworks (e.g., SOC 2, ISO 27001). • Drive adoption of modern security tooling and practices including SAST, DAST, container image scanning, Infrastructure as Code (IaC) security, and dependency analysis. • Offensive Security & Vulnerability Management: Lead vulnerability assessments, application security reviews, and penetration tests. • Triage and prioritize findings, collaborating with product and engineering teams to drive timely and measurable remediation. • Proactively identify and exploit vulnerabilities to strengthen product security posture. • Incident Response Support: Partner with Security Operations and Engineering to investigate application and infrastructure vulnerabilities. Contribute to root cause analysis, remediation plans, and long-term risk reduction. • Compliance & Assurance: Support security reviews, audits, and compliance initiatives through documentation, evidence collection, and coordination with external auditors or vendors. • Cross-Product Security Coverage: Build and maintain security expertise across multiple Mirantis products to strengthen team resilience, provide flexible coverage, and help shape a scalable, sustainable Product Security program. • Security Advocacy & Enablement: Champion secure design and development practices, provide actionable guidance during security reviews, and drive security automation efforts across the SDLC.

🎯 Requirements

• 5+ years of experience in product security, application security, or a related security engineering role. • Strong understanding of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25) and secure development best practices. • Demonstrated experience performing offensive security activities such as manual penetration testing, threat modeling, and exploitation of vulnerabilities. • Hands-on experience with security testing and automation, including: SAST/DAST tooling and pipelines, Container image scanning (e.g., Trivy, Grype, Anchore), IaC security (e.g., Terraform, Helm, Kics, Checkov), Dependency and supply chain security tooling. • Familiarity with vulnerability scanning and management tools, application security testing, and manual review techniques. • Experience with containerized environments, Kubernetes, and cloud platforms. • Proven ability to integrate security controls into CI/CD pipelines and automate security testing as part of the SDLC. • Excellent collaboration and communication skills, with the ability to work closely with product and engineering teams. • Experience with SOC 2, ISO 27001, or similar compliance frameworks is a plus. • Relevant certifications such as OSCP, OSEP, OSWE, or SANS/GIAC certifications (e.g., GPEN, GWEB, GWAPT, GCSA), or other equivalent offensive security and application security credentials are strongly preferred. • Proficiency in scripting or programming languages (e.g., Go, Python or similar) is an advantage.

🏖️ Benefits

• Work with an established Silicon Valley leader in the cloud infrastructure industry. • Work with exceptionally passionate, talented and engaging colleagues, helping Fortune 500 and Global 2000 customers implement next-generation cloud technologies. • Be a part of cutting-edge, open-source innovation. • Thrive in the high-energy environment of a young company where openness, collaboration, risk-taking, and continuous growth are valued. • Professional development and training. • Attend conferences and working groups. • Customized workstation (macOS, Windows). • A competitive compensation package with strong benefits plan and stock options.