Greenlight Financial Technology (posted 9 days ago)

Staff Product Security Engineer

Full Time, Atlanta (Remote Friendly)

Responsibilities

  • Lead security architecture/design reviews and threat modeling sessions with product and engineering teams using STRIDE, PASTA and attack tree methodologies
  • Translate threats into actionable, risk-rated engineering remediations prioritized by severity
  • Conduct hands-on penetration testing and security assessments across our full product stack, producing actionable reports for engineering and leadership
  • Red-team our AI-powered products and development tools to test for prompt injection, data exfiltration, MCP server exploitation, and tool misuse
  • Drive PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), and managing coordinated disclosure with external researchers and on-call incidents
  • Shape the posture of our AI-assisted development environment by defining and enforcing enterprise policies for Claude and Cursor
  • Partner across the organization: sitting in design reviews with architects, advising product managers and engineering teams on the security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines
  • Champion security culture by running developer training on secure coding with AI assistants, evangelizing security by design for products, and ensuring every engineer understands that product security is an enabler and not a gate

Requirements

  • 10+ years of product security experience spanning application security, cloud security, and secure SDLC
  • Expert-level threat modeling using STRIDE, PASTA or equivalent across web, mobile, cloud, embedded and AI systems
  • Hands-on penetration testing skills across applications, APIs, cloud infrastructure, and hardware/firmware
  • PSIRT operational experience from vulnerability intake and triage
  • Deep hands-on AI security expertise, expert-level understanding of the OWASP Top 10 for LLM, API, Web and Mobile, and practical experience with MITRE
  • Strong hands-on experience with security tools (SAST, DAST, SCA) and with securing AI development tools, specifically Claude and Cursor
  • Strong programming ability and the capability to review code, build security tools, automate workflows and be credible with the engineering teams you partner with
  • Deep technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications
  • Strong knowledge of programming languages and frameworks (e.g. Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (e.g. AWS, GCP, Kubernetes, Ambassador, Helm), and databases (e.g. MySQL, DynamoDB, Redis)
  • Ability to influence without authority, mentor without managing, and communicate complex risks in a language that resonates with engineers, product managers, legal and compliance, and executives alike

Benefits

  • Medical, dental, vision, and HSA match
  • Paid life insurance, AD&D, and disability benefits
  • Traditional 401k with company match
  • Unlimited PTO
  • Paid company holidays and pop-up bonus holidays
  • Professional development stipends
  • Mental health resources
  • 1:1 financial planners
  • Fertility healthcare
  • 100% paid parental and caregiving leave, plus cleaning service and meals during your leave
  • Flexible WFH, both remote and in-office opportunities
  • Fully stocked kitchen, catered lunches, and occasional in-office happy hours
  • Employee resource groups
  • Competitive compensation