# Senior Staff Product Security Engineer

**Company**: Greenlight
**Location**: Atlanta
**Work arrangement**: remote
**Experience**: senior
**Job type**: full-time
**Salary**: $180,000-240,000
**Category**: Engineering
**Industry**: Finance

**Apply**: https://jobs.lever.co/greenlight/711f30d6-52d5-462b-94ac-72d96cc3e01c?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply
**Canonical**: https://yubhub.co/jobs/job_1793aad4-3d5

## Description

Greenlight is seeking a Senior Staff Product Security Engineer to join its security leadership team. This senior individual contributor role carries significant organisational influence, defining the technical vision for product security at Greenlight and setting the standard for secure software development.

The ideal candidate brings deep, hands-on expertise paired with a strategic mindset to drive large-scale security initiatives from concept to production. Responsibilities include:

- Defining and leading the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements

- Serving as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership

- Driving a company-wide culture of security ownership, embedding security thinking deeply into the habits of every engineering team

- Architecting and continuously evolving a best-in-class Product Security program, spanning threat modelling, SAST, DAST, IAST, SCA, runtime protection, and API security

- Leading the design and enforcement of secure development standards across web, mobile, and cloud, including secure coding guidelines, IaC policies, and API security frameworks

- Identifying and driving resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform

- Leading and maturing Greenlight's penetration testing program, both through internal efforts and external vendor partnerships

- Partnering with engineering and platform teams to build security-enhancing product features that protect customers' financial data

- Establishing and leading incident response processes for product-level security events, including root cause analysis and systemic remediation

- Evaluating and introducing emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape

- Mentoring staff and senior engineers across the security and engineering organisations, raising the overall security engineering capability of the company

The successful candidate will have:

- 12+ years of experience in product security, application security, or a related engineering discipline

- Proven track record of defining and driving security programs at scale across complex, multi-platform environments

- Hands-on experience architecting and implementing security solutions and processes in production environments, enabling engineering teams to build and ship securely at scale

- Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and mobile threat vectors (iOS and Android)

- Deep hands-on experience with the full AppSec toolchain: SAST, DAST, IAST, SCA, secrets scanning, and runtime protection

- Strong command of cloud security architecture and controls, particularly in AWS environments

- Experience leading or heavily influencing the security architecture of distributed, microservices-based systems

- Experience in developing and implementing security solutions

- Demonstrated ability to build strong cross-functional relationships and influence engineering culture without direct authority

- Exceptional communication skills, with the ability to distill complex security risk into clear, actionable language for engineers, executives, and non-technical stakeholders alike

- Experience operating in regulated industries (e.g. financial services, fintech, healthcare)

Benefits include:

- Medical, dental, vision, and HSA match

- Paid life insurance, AD&D, and disability benefits

- Traditional 401k with company match

- Unlimited PTO

- Paid company holidays and pop-up bonus holidays

- Professional development stipends

- Mental health resources

- 1:1 financial planners

- Fertility healthcare

- 100% paid parental and caregiving leave, plus cleaning service and meals during leave

- Flexible WFH, both remote and in-office opportunities

- Fully stocked kitchen, catered lunches, and occasional in-office happy hours

- Employee resource groups

## Skills

### Required
- Node.js
- Java/Kotlin
- React
- Redux
- Swift
- SwiftUI
- AWS
- GCP
- MySQL
- DynamoDB
- Redis
- Kubernetes
- Ambassador
- Helm
- Rancher
- OWASP Top 10
- API security
- mobile threat vectors
- SAST
- DAST
- IAST
- SCA
- secrets scanning
- runtime protection

### Nice to have
- OSCP
- GWAPT
- GPEN
- CISSP
- Burp Suite
- Kali Linux

---

Source: [Apply at jobs.lever.co](https://jobs.lever.co/greenlight/711f30d6-52d5-462b-94ac-72d96cc3e01c?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply)
