Product Security Engineer

We''re hiring a hands-on Product Security Engineer to secure modern, cloud-native platforms at a large-scale financial services environment. You''ll own product and application security end-to-end, embedding controls into the Secure SDLC, automating security in CI/CD, and partnering directly with engineers to reduce real-world risk across services, APIs, and supply chains. What you''ll work on: Secure SDLC ownership: design reviews, threat modelling, release criteria AppSec automation: SAST, DAST, SCA, secrets, IaC/container security Security code reviews (authn/authz, crypto, sessions, data protection, business logic) API security (OAuth/OIDC, token handling, schema validation, rate limiting, abuse prevention) Dependency andamp; supply-chain security (SCA, SBOMs, provenance) Vulnerability life cycle: triage, SLAs, metrics, and targeted exploit validation You should have: 6+ years in Product/Application Security Strong OWASP Web andamp; API risk knowledge and modern attack paths Experience securing microservices, containers, CI/CD pipelines Ability to read and review Back End code (Java, Go, Python, Node.js, etc.) A practical, engineering-first security mindset High-impact role | Real ownership | Modern attack ..... full job details .....