Security Engineer - Product Security

Join Scale AI as a highly skilled Security Engineer in our Product Security team, where you will play a pivotal role in safeguarding the security and integrity of our products and services. This position involves conducting comprehensive code reviews, implementing security best practices, and shaping our overarching security strategy. Your proficiency in TypeScript, Python, AWS, CI/CD, SAST, DAST, and Terraform orchestration will be vital in detecting and addressing potential security threats. You will have the opportunity to analyze complex issues, identify root causes independently, and articulate the complexities and implications of security vulnerabilities, including their potential for exploitation and impact. Your responsibilities will include:Utilizing extensive product security knowledge to design and maintain software tools that secure every layer of the modern AI/ML software ecosystem.Conducting thorough code reviews to identify and rectify security vulnerabilities.Assessing and improving the security of our product offerings through RFC and service evaluations.Establishing and sustaining CI/CD pipelines with a strong emphasis on security.Executing Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to uncover vulnerabilities in production code.Employing Terraform orchestration to maintain secure and efficient infrastructure management.Advising engineering teams on developing robust, long-term solutions that prioritize security and privacy.Clearly communicating the mechanics and significance of security vulnerabilities, including their exploitability and potential consequences.Contributing to the security strategy and direction of the team, advocating for best practices and ongoing enhancements. Ideal candidates will possess:A proven track record of independently driving multi-month security initiatives, from problem identification to execution, with minimal oversight.Significant experience as a Security Engineer with an emphasis on product security.Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes.A strong grasp of modern JavaScript application design.Practical experience in operating and securing AWS infrastructure at scale.Hands-on experience with SAST and DAST tools and methodologies.Familiarity with Terraform orchestration for managing infrastructure.Capability to analyze complex problems and identify root causes independently, providing actionable insights without managerial input.Exceptional communication skills, enabling clear presentation of technical concepts to diverse audiences.

About Cogent SecurityCogent Security is at the forefront of cybersecurity innovation, leveraging Applied AI to develop next-generation AI agents. In an era where cyber attacks evolve rapidly, our AI Taskforce analyzes vast amounts of enterprise data to proactively address vulnerabilities and prevent critical breaches.We combine pioneering research with practical execution, ensuring that our innovative solutions meet real-world challenges. Our Cogent Research division acts as our dedicated AI lab, driving the development of advanced security workflows.Since our emergence from stealth mode, we have rapidly grown, collaborating with Fortune 500 companies to secure complex production environments globally.Supported by Greylock, we have gathered a team of top talent from renowned institutions and leading organizations in the AI and cybersecurity sectors.About the RoleAs an Agent Engineer at Cogent Security, you will be pivotal in designing, building, and deploying critical AI agents tailored for complex client environments. Your role is highly cross-functional, involving direct collaboration with customers to understand their unique needs, adapting our platform accordingly, and iterating on scalable solutions to handle millions of real-world security events.You will manage projects from inception to deployment, including data onboarding and integrating feedback into our core agent platform. Your contributions will shape how AI agents detect threats, triage incidents, and automate security workflows for some of the most sophisticated organizations worldwide.This position is ideal for engineers who excel in dynamic environments, enjoy tackling complex technical challenges, and wish to see the tangible impact of their work.

About the RoleJoin our innovative Product Security team as an Entry-Level Security Engineer. We are seeking a proactive individual with a builder’s mindset who is eager to learn and contribute to both planned initiatives and real-time security needs with supportive mentorship.In this hands-on role, you will collaborate across Infrastructure, Application, and Enterprise Security, where responsibilities may overlap. Your contributions will include the design and implementation of security controls, reviewing technical designs, and addressing findings from security researchers and penetration testers. You will write code, develop automation solutions, and utilize AI tools to enhance your productivity and strengthen our security practices. This position offers exposure to a diverse range of security challenges, accelerating your professional growth as a security engineer.

Employee Applicant Privacy Notice About SoFi SoFi is a national bank and financial services provider focused on helping millions of members achieve their financial goals. The company builds mobile-first technology that empowers users to take control of their finances. SoFi’s work directly impacts people’s lives and shapes the financial industry. Core values guide the team as they work to improve both careers and the broader financial landscape. Role Overview The Security Product Lead for Product & AI Security sets the strategy, roadmap, and measurable outcomes for securing SoFi’s product lifecycle and supporting AI/ML initiatives. This position sits within the Security Strategy & Delivery team and works closely with leaders and teams in Product Security, Engineering, and Data Science/AI. Main Responsibilities Define and communicate the strategic direction for Product Security and AI Security as internal security products. Align security initiatives with enterprise risk priorities. Develop and maintain a clear roadmap for security capabilities. Establish and track key performance indicators (KPIs) to measure success. Implement structured program governance for security initiatives. Collaborate across teams to integrate security controls throughout the software development lifecycle (SDLC). Address unique risks associated with AI/ML systems. Influence stakeholders and drive alignment without direct authority. Help protect member trust, company assets, and support business stability and growth. Location Roles are available in Seattle, WA; Cottonwood Heights, UT; San Francisco, CA; New York City, NY; and Frisco, TX.

About ValonValon is pioneering the AI-driven operating system for regulated finance, beginning with mortgage servicing. As a Series C company backed by a16z, we are revolutionizing sectors that many deemed too complex for innovation.Instead of relying on outdated legacy systems, we took an innovative route by developing and managing our own mortgage servicing business, overseeing over $110 billion in loans. This strategic choice has allowed us to gain profound insights into the complexities necessary to create software that genuinely functions in regulated industries.The results are remarkable. We've turned mortgage servicing from a 0% margin industry into one that boasts margins exceeding 60%, all while significantly enhancing customer satisfaction. Major enterprise contracts are now rolling out across the sector.ValonOS is our comprehensive platform that structures and automates every process, positioning us perfectly for the AI era. With a single system powered by rich data, our AI agents not only streamline tasks but also perpetually enhance overall operations. While mortgage servicing is our starting point, our vision extends to transforming regulated industries and beyond.Security at ValonOur clients entrust us with their most sensitive financial information, and our Security team’s foremost mission is to implement robust programs, processes, and automation to protect this data. We safeguard the infrastructure and data involved in processing billions of dollars in mortgage loans.Beyond protecting Valon’s internal systems, our Security team collaborates closely with Product and Engineering teams to design and deliver secure, scalable, and reliable features for ValonOS. We work cross-departmentally to embed security throughout the organization, regularly engaging with external security auditors, pentesting firms, and partners to continuously assess and enhance Valon’s security posture.Valon has offices in New York City and San Francisco, but we fully embrace remote work!

At Crusoe, we are on a mission to accelerate the accessibility of energy and intelligence for everyone. Join us in creating the infrastructure that enables individuals to innovate boldly with AI, all while maintaining a commitment to scale, speed, and sustainability.Become a key player in the AI revolution through sustainable technology at Crusoe. Here, you will spearhead groundbreaking innovations, make a significant impact, and collaborate with a team dedicated to shaping the future of responsible cloud infrastructure.Role Overview:Crusoe AI is seeking a Senior Product Security Engineer to play a pivotal role in protecting our cloud products and applications, particularly those centered on AI/ML, throughout their entire lifecycle.In this position, you will lead the establishment and enforcement of security best practices within the development lifecycle. Your responsibilities will include performing comprehensive threat modeling, executing security assessments, and working closely with product and engineering teams to strengthen our security posture, ensuring the robustness of our innovative solutions and the protection of customer data.Your Daily Responsibilities:Collaborate with product and engineering teams to embed security best practices into the software development lifecycle.Conduct threat modeling, security architecture evaluations, design assessments, and code reviews for new product initiatives. Perform penetration testing, vulnerability assessments, and security evaluations of product features and systems.Create and implement security automation tools to monitor and test code and software for vulnerabilities.Establish and maintain secure coding protocols and procedures tailored for cloud and Kubernetes environments.Proactively detect and mitigate risks in user-facing processes and critical infrastructure.Lead security education, training, and mentorship initiatives to cultivate a culture of security awareness across all teams.Identify and manage security vulnerabilities, ensuring they are documented, prioritized, and addressed promptly.Qualifications for Success:You possess 4-6+ years of experience in Information Security, with a specialization in application or product security.You have proficiency in cloud platforms such as AWS, GCP, or Azure, and expertise in Kubernetes orchestration as well as automation scripting (e.g., Python).

About Cogent SecurityCogent Security is pioneering the future of cybersecurity through Applied AI, creating advanced AI agents designed to combat rapidly evolving cyber threats. Our AI Taskforce analyzes vast datasets to neutralize potential breaches before they impact our clients.Our commitment to innovation combines cutting-edge research with practical application, ensuring our solutions are at the forefront of technology. In addition to our product development, Cogent Research acts as our applied AI laboratory, supplying the expertise required to create highly effective security workflows.Since our launch from stealth mode, Cogent has seen remarkable growth, collaborating with Fortune 500 companies to secure some of the most intricate production environments globally.Backed by Greylock, our team consists of exceptional talents from leading universities such as Stanford, Berkeley, and Carnegie Mellon, as well as high-growth companies like Scale AI and Tesla, and cybersecurity experts from stalwarts like Wiz and DeepMind.

About Cogent SecurityCogent Security is an innovative Applied AI Lab pioneering the future of AI agents in the realm of cybersecurity. In a world where cyber threats evolve at unprecedented speeds, our 'AI Taskforce' analyzes vast amounts of enterprise data to proactively address vulnerabilities and avert critical breaches.We remain at the forefront of technology by merging cutting-edge research with practical applications. Our dedicated Cogent Research team fuels our mission, ensuring we develop truly effective security workflows powered by AI.Since our inception, Cogent has rapidly grown, collaborating with Fortune 500 companies to safeguard the most intricate production environments globally.Supported by Greylock, our team comprises some of the brightest minds in applied AI, including experts from:Renowned universities such as Stanford, Berkeley, Penn, Duke, Carnegie Mellon, and Waterloo.High-growth unicorn companies like Scale AI, Databricks, Stripe, Tesla, and Coinbase.Leading cybersecurity specialists from Wiz, Abnormal AI, and Zscaler.Prestigious research institutions including DeepMind and SAIL.About the RoleAs we embark on building a suite of backend services and integrations with our design partners, we seek passionate and skilled Backend Engineers at both Senior and Staff levels, eager to thrive in the Applied AI domain.ResponsibilitiesDesign and implement critical backend subsystems and integration platformsComprehend business objectives and customer requirements to engineer backend subsystems that align with our technology strategies.Adapt systems to meet evolving needs of design partners and clients.Incorporate non-functional requirements such as compliance and security into system design.Establish scalable infrastructure foundationsPrepare for future growth in customer base, headcount, and data management by collaborating with your team to enhance infrastructure.

Astranis is on the forefront of satellite technology, developing advanced satellites designed for high orbits that expand humanity’s reach into the solar system. Our innovative satellites deliver dedicated, secure communication networks to a diverse range of clients, including large enterprises, sovereign governments, and the US military. With five satellites currently in orbit and numerous launches planned, we are proudly managing a backlog exceeding $1 billion in commercial contracts.Astranis is the go-to satellite communications partner for clients with rigorous demands for uptime, data security, and network customization. Having raised more than $750 million from some of the most recognized investors, including Andreessen Horowitz, Blackrock, and Fidelity, we boast a talented team of 450 engineers and entrepreneurs. Our operations are based in a state-of-the-art 153,000 sq. ft. facility in Northern California, USA.Senior Product Security EngineerAs a Senior Product Security Engineer at Astranis, you will leverage your extensive software engineering expertise with a strong focus on security. You will be tasked with designing and building secure systems, specializing in critical areas such as cryptography, Public Key Infrastructure (PKI), and zero trust architectures. Your role will encompass evaluating processes, operating systems, and applications from a security-first engineering perspective. While your primary responsibility will be to develop secure software, you will also play a key role in identifying vulnerabilities, conducting risk analyses, and leading thorough security reviews.

About Cogent SecurityCogent Security is at the forefront of innovation in cybersecurity, operating as an Applied AI Lab dedicated to developing next-generation AI agents. In an era where cyber threats evolve rapidly, our "AI Taskforce" analyzes vast amounts of enterprise data to proactively address vulnerabilities and prevent significant breaches.Blending cutting-edge research with practical implementation, our team works diligently to transform theoretical concepts into actionable security solutions. Our applied AI lab, Cogent Research, provides essential research capabilities that enable the realization of autonomous security workflows.Since our emergence from stealth mode, Cogent has seen impressive growth, collaborating with Fortune 500 companies to enhance security in some of the world’s most complex environments.Supported by Greylock, we have assembled a team of top-tier talent from influential universities and leading companies in the tech and cybersecurity sectors.

At Bugcrowd, we have been revolutionizing the way organizations defend against cyber threats since 2012. Our patented Security Knowledge Platform™, powered by data and AI, harnesses the collective expertise of a trusted network of elite hackers. By identifying hidden vulnerabilities and adapting to ever-evolving threats, including zero-day exploits, we empower our clients to reclaim their security. With our innovative CrowdMatch™ technology, we provide unmatched scalability and precision in matching talent to your unique security challenges. Join us in creating a new era of modern crowdsourced security that stays ahead of threat actors. Explore more at www.bugcrowd.com. We are headquartered in San Francisco and New Hampshire, backed by leading investors like General Catalyst, Rally Ventures, and Costanoa Ventures.Job SummaryAs the Product Security Engineering Manager, you will be pivotal in shaping and executing our application security, platform security, and FedRAMP initiatives. You will lead and mentor a geographically diverse team of security engineers, passionate about embedding security into the engineering process and building secure-by-default systems. If you thrive in a hands-on role that empowers others, we would love to connect with you.

About Our TeamAt OpenAI, security is a core pillar of our commitment to ensuring that artificial general intelligence is beneficial to all of humanity. Our Security team plays a crucial role in safeguarding OpenAI’s technology, personnel, and products. We focus on creating effective technical solutions while maintaining operational excellence. Our guiding principles include prioritizing impactful actions, empowering researchers, preparing for transformative technologies, and fostering a robust security culture.About the RoleAs a Security Engineer specializing in Application Security, you will be at the forefront of identifying and addressing security vulnerabilities within our software applications. Your expertise will be applied through building innovative security tools, conducting code reviews, performing penetration testing, and executing thorough security assessments.We are seeking proactive individuals who can collaborate closely with development teams to ensure the integration of secure coding practices throughout the software development lifecycle. Your role will also encompass providing security guidance to developers and stakeholders, thereby enhancing the overall security awareness across the organization.This position is ideally based in San Francisco, Seattle, or New York City, but remote work options will be considered. Our hybrid work model includes three days in-office each week, along with relocation assistance available for new hires.Key Responsibilities:Conduct Security Assessments: Regularly perform security assessments, code reviews, and penetration tests to uncover vulnerabilities in applications.Develop Security Tools: Design and implement security tools, frameworks, and methodologies to shield applications from potential threats.Collaborate with Development Teams: Partner with development teams to ensure best security practices are embedded in the software development lifecycle, including secure coding standards.Threat Modeling and Risk Management: Engage in threat modeling and risk assessments to identify potential risks early and formulate effective mitigation strategies.Manage Vulnerabilities: Track, analyze, and oversee vulnerabilities in applications, providing guidance and support for remediation efforts.Incident Response: Participate in incident response efforts as necessary, ensuring swift action is taken to mitigate security incidents.

About Our TeamAt OpenAI, our mission is to pioneer the secure advancement of agentic AI systems. Our dedicated team focuses on designing, implementing, and continuously improving security policies, frameworks, and controls that protect OpenAI’s essential assets, including user and customer data, from the unique risks posed by agentic AI technologies.About the RoleAs a Security Engineer on the Agent Security Team, you will be instrumental in safeguarding OpenAI’s cutting-edge agentic AI systems. Your responsibilities will include crafting and executing robust security frameworks, policies, and controls to ensure the protection of OpenAI’s vital assets and facilitate the safe rollout of agentic systems. You will create thorough threat models, collaborate closely with our Agent Infrastructure group to strengthen the platforms that underpin OpenAI’s most sophisticated agentic systems, and spearhead initiatives to enhance safety monitoring pipelines at scale.We are in search of a dynamic engineer who thrives in uncertain environments and can deliver impactful contributions from day one. You should be ready to deploy solutions swiftly while upholding a high standard of quality and security.We seek individuals capable of driving innovative solutions that will establish industry benchmarks for agent security. Your expertise in securing complex systems and devising robust isolation strategies for emerging AI technologies will be essential, all while prioritizing usability. You will effectively communicate across various teams and functions, ensuring your solutions are scalable and robust, while engaging collaboratively in a forward-thinking environment. In this fast-paced atmosphere, you will tackle intricate security challenges, shape OpenAI’s security strategy, and play a crucial role in promoting the safe and responsible deployment of agentic AI systems.This position is based in San Francisco, CA. We operate on a hybrid work model, requiring 3 days in the office each week, and offer relocation assistance to new employees.Your Responsibilities Will Include:Designing and implementing security controls for agentic AI – develop, execute, and refine identity, network, and runtime-level defenses (e.g., sandboxing, policy enforcement) that integrate seamlessly with the Agent Infrastructure stack.Creating production-quality security tooling – deliver code that enhances safety monitoring pipelines across agent executions on a large scale.Collaborating...

Join Astranis as a Product Security Engineer and play a crucial role in safeguarding our cutting-edge technology and systems. You will work collaboratively with cross-functional teams to identify vulnerabilities, implement security measures, and ensure the integrity of our products. Your expertise will help us maintain the highest security standards while delivering innovative solutions.

Join SoFi as a Security Product Lead in the realm of Enterprise & Identity Security. This pivotal role involves driving the strategy and execution of security initiatives that protect our enterprise infrastructure and user identities. You will collaborate with cross-functional teams to enhance our security posture and ensure that our products align with industry standards and best practices.

CoreWeave is seeking a Security Engineering Manager to lead the Platform Security team. This position is based in Livingston, NJ, New York, NY, Sunnyvale, CA, Bellevue, WA, or San Francisco, CA. The team’s mission is to embed security into CoreWeave’s Kubernetes-based platform and public cloud environments, supporting high-performance infrastructure for AI and machine learning workloads. Role overview This manager will oversee and expand the Platform Security engineering team, reporting to the Senior Director of Security Foundations. The focus is on hands-on leadership and technical execution, with an emphasis on building and implementing security controls rather than policy development. The role requires close collaboration with Infrastructure, Platform Engineering, Site Reliability Engineering, and other security teams to ensure security measures keep pace with business growth and evolving needs. What you will do Lead and grow the Platform Security engineering team. Integrate security into Kubernetes infrastructure and public cloud platforms such as AWS, GCP, and Azure. Define and execute strategies for cloud security posture, workload isolation, platform guardrails, image integrity, and multi-cloud security. Develop and implement security controls across CoreWeave’s infrastructure. Work closely with other technical teams to align platform security with business needs. The Platform Security team The Platform Security team at CoreWeave engineers systems that enforce security at the infrastructure layer. Their work spans both CoreWeave’s own Kubernetes-based platform and third-party public cloud environments. The team supports GPU-accelerated infrastructure for demanding AI and machine learning workloads, ensuring that both customer and internal services remain secure as CoreWeave’s global presence expands.

Join DigitalOcean and take your career to the next level in a vibrant environment filled with innovative thinkers dedicated to building the most intuitive scalable cloud platform. If you're a visionary with a passion for tackling ambitious challenges and thrive in a fast-paced atmosphere, this is the perfect opportunity for you. We believe in achieving success together while fostering a culture of learning, enjoyment, and making a significant impact for creators around the globe.We are on the lookout for a highly skilled and passionate Senior Software Engineer to be a key player in our Security Products team. In this crucial position, you will lead the design, development, and maintenance of cutting-edge security products and systems that safeguard DigitalOcean's platform and our customers' information. If you are energized by solving intricate security issues on a large scale, we want to hear from you!

About depthfirst depthfirst builds software to strengthen the foundations of modern technology. The team focuses on protecting software from vulnerabilities that threaten its reliability and security. The mission: make software safer everywhere it runs. depthfirst develops intelligent tools that find and fix critical software vulnerabilities. The company trains and scales security AI agents to uncover zero-day issues in large customer codebases and widely used open source projects. The founding team brings experience from DeepMind, Databricks, Square, and Faire, with deep backgrounds in data, infrastructure, security, and large language models. depthfirst welcomes technical professionals interested in working where AI, Security, and Infrastructure meet. Role Overview: Security Product Engineer This San Francisco-based role centers on working directly with enterprise customers to implement depthfirst's security AI agents in their environments. The Security Product Engineer acts as the technical point of contact, ensuring the AI tools detect vulnerabilities at scale within real-world systems. The position blends hands-on engineering with regular customer interaction. Security Product Engineers learn about each customer's security landscape, design custom integrations using depthfirst's platform, and partner with the product team to turn successful solutions into product features. The work shapes both how customers use depthfirst and how the product evolves. What You Will Do Work with enterprise customers to deploy depthfirst's security AI agents in production. Build strong relationships with security teams, acting as a trusted advisor who understands their needs. Translate customer challenges into practical solutions, including custom integrations, data pipelines, and workflows connecting depthfirst with existing security tools. Identify common patterns across deployments and collaborate with the product team to develop platform-wide capabilities. Communicate effectively with stakeholders at all levels, from security engineers to CISOs. Own the technical delivery process, from initial scoping through implementation and ongoing optimization. Travel to customer sites when needed to support successful deployments.

About the Role mercor is hiring a Security Engineer focused on Application Security in San Francisco or New York City. This role centers on protecting company applications from threats and vulnerabilities. The Security Engineer works closely with teams across the company to strengthen security practices and improve the overall security of our software. What You Will Do Work with engineers and other teams to apply security best practices throughout the development lifecycle Perform detailed security assessments of applications Identify and address new and existing security risks Help improve the security posture of mercor’s applications

About the TeamAt OpenAI, we are driven by a mission to ensure that artificial general intelligence serves the interests of all humanity. Our Security team plays a pivotal role in safeguarding OpenAI's innovative technologies, our talented workforce, and our diverse product offerings. We emphasize a technical yet operational approach, dedicated to supporting all research and production at OpenAI. Our core tenets include prioritizing impactful actions, empowering researchers, anticipating transformative technologies, and fostering a robust security culture.About the RoleWe are on the lookout for an outstanding Principal Offensive Security Engineer to elevate OpenAI's security framework. This role transcends traditional red teaming; it provides an opportunity to delve deeply into security challenges, create innovative attack simulations, and collaborate closely with defensive teams to drive strategic enhancements throughout the organization.In this position, you'll not only identify vulnerabilities but also take the lead in resolving them, harnessing cutting-edge technologies to automate offensive security techniques, and utilizing your unique attacker perspective to inform our overarching security strategy.Your primary focus will be on rigorously testing our agent-powered products like Codex and Operator. These systems are valuable targets due to their rapid evolution, ability to perform sensitive user actions, and extensive attack surfaces. You'll play a vital role in fortifying our agents by identifying realistic vulnerabilities arising from the interplay between applications, infrastructure, and models.Key ResponsibilitiesProactively hunt for vulnerabilities within the interactions of our agentic products, encompassing applications, infrastructure, and models.Execute open-scope red and purple team operations, simulating authentic attack scenarios.Collaborate effectively with defensive security teams to enhance detection, response, and mitigation capabilities.Conduct thorough penetration testing across our diverse portfolio of products.Leverage advanced automation and OpenAI technologies to optimize your offensive security initiatives.Articulate insightful, actionable findings in a clear and compelling manner to drive impactful change.Influence security strategy by providing expert recommendations based on your findings.