Description
We are seeking a Product Security Engineer II to join our growing security team. This role will be critical in ensuring the security of our products across the entire software development lifecycle (SDLC) and provide support on different security initiatives.
You will work closely with engineering, product, and operations teams to embed security best practices from design through to deployment.
Key responsibilities include:
Supporting the execution of a comprehensive product security strategy that aligns with the company's goals and risk appetite. Working hands-on across code, infrastructure, and CI/CD to create agents, services, and pipelines that detect, prevent, and remediate risks leveraging AI where it adds value. Designing, building, and operating security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD. Performing manual design and implementation reviews of Greenlight products and services from a security perspective. Establishing and enforcing secure development standards (i.e., API security, security patterns, IaC, etc.) and best practices across the organization. Serving as a subject matter expert on the practical security of our AI and LLM ecosystem. Leading threat modeling exercises for novel AI systems applying advanced security and privacy best practices. Leveraging automations and tools to continuously test, fuzz, and validate products and platform components for security issues. Performing penetration testing and retesting to validate fixes. Responsible for triaging findings from security researchers and leading incident response for PSIRT. On-call support for incident response and leading product-related security events and vulnerabilities. Fostering a culture of security awareness and ownership across the Engineering and Product organizations. Staying current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.