CrawlJobs Logo

Product Security Engineer

France Employment contract · Job Posted February 13, 2026
Apply Position
Job Link Share

Job Description

Product Security Engineer role in the Tech Foundations area. Tech Foundations enables product crews and creates the environment to thrive—combining world-class infrastructure, intuitive developer experience, exquisite operational excellence, and built-in security to make shipping exceptional products effortless.

Job Responsibility

Strengthen security posture across the engineering organization

Requirements

  • Strong background in application and infrastructure security
  • Hands-on experience using Software Security, Product Security or Pentesting techniques to identify and mitigate security vulnerabilities in web and mobile applications
  • Experience in protecting organisations from cyber threats and have experience working with platforms to monitor, detect, and respond to security incidents
  • Familiarity with cloud security and modern web application security
  • Well-versed in Object Oriented Programming such as Python, Java, C#
  • Enthusiastic about web technologies such as modern Javascript
  • Willing to work in Python/JavaScript
  • Passionate about building products
  • Self-starting and entrepreneurial
  • Humble and still willing to grow
  • Collaborative, enthusiastic about teamwork, learning, and teaching
  • Fluent in English

What we offer

  • Generous equity packages
  • Flexible Office
  • All the tools you need (Macbook Pro, keyboard, laptop stand, monitor, Bose noise-canceling headphones)
  • Flexible vacation policy and flexible working hours
  • Extremely comprehensive health insurance
  • Country-specific commuter benefits
  • Learning & Training opportunities
  • Personal growth through coaching
  • Extended parental leave

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Product Security Engineer

8 matching positions

Product Security Engineer

We are looking for a Product Security Engineer to join our security team to driv...
Location
Location
United States , San Francisco
Salary
Salary:
208000.00 - 312000.00 USD / Year
vercel.com Logo
Vercel
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experienced Security Engineer: You have 5+ years of experience in an Product Security or Product Security role (or related field), with a track record of securing web products and services. You’re well-versed in the fundamentals of product security and have hands-on experience finding and fixing vulnerabilities
  • Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security. Experience with modern web frameworks (ideally Next.js or React and Node-based frameworks) and understanding of their security considerations. You can read and review code in these technologies to spot security flaws
  • Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex product. You understand how to integrate security into a fast-paced SDLC without slowing it down. Experience implementing or working with secure development lifecycle practices (secure design, code review, pentesting, etc.) is required
  • Security Tools & Automation: Hands-on experience with product security tooling such as static product security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration. Familiarity with GitHub Advanced Security or similar tools for code scanning and secret detection is a strong plus
  • Open Source and Supply Chain Security: Knowledge of open-source security best practices. You have experience dealing with open-source dependencies and package management security (e.g., handling vulnerability advisories, using tools like Dependabot or Snyk). Bonus if you have contributed to or maintained open-source projects, especially security-related ones
  • Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program or vulnerability disclosure process. You know how to assess externally reported issues, reproduce and validate vulnerabilities, and coordinate fixes. You stay up-to-date on the latest vulnerabilities (OWASP Top 10, emerging threats) and methods to mitigate them
  • Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective. You are familiar with securing products on cloud platforms (e.g., securing serverless functions, protecting APIs, managing secrets and keys). Experience with related cloud security concepts or tools is a plus
  • Technical Leadership: Proven ability to drive security initiatives and influence engineering teams to adopt best practices. You can work cross-functionally to achieve security goals – for example, rolling out a new security tool or standard across many engineers. (While we emphasize technical skills, this senior role requires you to effectively communicate and lead within the organization to get things done.)
Job Responsibility
Job Responsibility
  • Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment
  • Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You’ll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team
  • Open Source Security Management: Oversee Vercel’s open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code
  • SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines and GitHub workflows. By embedding security tooling into developer workflows, you will help catch issues early and reduce manual effort
  • Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities. You’ll also work on making our bug bounty a world-class, researcher-friendly program, including refining policies, scope, and engagement to encourage high-quality submissions
  • Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines. For example, you might drive a company-wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers. You will act as a security champion across the org, aligning stakeholders from Engineering, DevOps, Product, and other groups to implement lasting security improvements
  • Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users. This may involve contributing to security documentation and whitepapers, assisting with customer security questionnaires or audits by providing product security expertise, and communicating our security features and best practices to build customer trust in the platform.
What we offer
What we offer
  • Competitive compensation package, including equity
  • Inclusive Healthcare Package
  • Learn and Grow - we provide mentorship and send you to events that help you build your network and skills
  • Flexible Time Off
  • We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.
  • Fulltime
Read More
Arrow Right

Product Security Engineer

Secure NEO end-to-end. You will analyze the system services, operating systems, ...
Location
Location
United States , San Carlos
Salary
Salary:
137861.00 - 250000.00 USD / Year
1x.tech Logo
1X Technologies
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in product security, offensive security, or a closely related engineering role
  • Strong experience with Linux operating system internals and security mechanisms (namespaces, syscall filtering, Linux systems hardening, least-privilege service design)
  • Proficiency in software development and code auditing, with shipping experience in C, C++, Rust, Go or Python
  • Penetration testing experience against real production systems
  • Security expertise in one or more of: Offensive security against Linux-based devices vulnerability research, exploit development, and end-to-end attack chains against embedded or production systems
  • Secure boot, verified boot, and Trusted Execution Environments (e.g., OP-TEE, fTPM)
  • Cryptography, PKI design, key lifecycle management, and HSM-backed roots of trust
  • Cloud security (AWS, GCP, or Azure), infrastructure-as-code, Kubernetes, and CI/CD pipeline security
  • Secure firmware update systems for embedded devices over-the-air delivery, rollback protection, signature verification, and recovery from failed updates
  • Bachelor’s degree in Computer Science, Information Security, Engineering, or related technical field or equivalent experience
Job Responsibility
Job Responsibility
  • Audit code and systems across NEO’s stack from bootloader and Linux userspace to cloud services and CI/CD pipelines to identify and drive remediation of security vulnerabilities
  • Lead security initiatives end-to-end, serving as the technical point of contact and partnering with Robotics, AI, Infrastructure, and Manufacturing teams to design secure-by-default systems
  • Conduct penetration tests, threat models, and risk assessments against NEO and its supporting infrastructure, prioritizing the issues that matter most
  • Design and contribute production code for security-critical components such as secure boot chains, code-signing pipelines, attestation flows, and hardened system services
  • Help define the security architecture for how humanoid robots are provisioned, deployed, updated, and operated at scale
What we offer
What we offer
  • Comprehensive medical, dental, and vision coverage
  • Generous paid time off, company holidays, and parental leave
  • 401(k) plan with company match (100% on the first 3% of contributions, 50% on the next 2%)
  • Flexible Spending Accounts (FSA) and Health Savings Accounts (HSA) options
  • Commuter benefits (transit and parking)
  • Short-term and long-term disability, and life insurance
  • Employee Assistance Program (EAP) for mental health, financial, and personal support
  • Onsite snacks and catered lunches
  • Equity
  • Fulltime
Read More
Arrow Right

Product Security Engineer

As a Product Security Engineer at Ema, you sit at the intersection of backend en...
Location
Location
India
Salary
Salary:
Not provided
ema.co Logo
Ema
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4–7 years of experience building scalable software systems, with a strong emphasis on security engineering
  • Excellent programming skills (Python required
  • Go or similar strongly preferred)
  • Proven experience building internal tools, and frameworks used by engineering teams
  • Proven ability to build security platforms from zero to production scale
  • Strong judgment translating abstract risk into concrete engineering controls
  • Track record of influencing architecture across product, infra, and reliability teams
  • Comfortable owning ambiguous, high-impact security problems end to end
  • Experience integrating security into CI/CD pipelines and developer workflows
  • Comfortable operating cross-functionally with Product, Engineering, and Infra teams
Job Responsibility
Job Responsibility
  • Design, build, and maintain internal security tools and platforms to improve Ema’s overall security posture
  • Implement and improve security controls directly into product and platform workflows
  • Influence engineering architecture and ensure secure-by-design implementations
  • Own and scale application security programs including SAST, SCA, dependency risk, and custom detection logic
  • Support penetration testing efforts by validating findings and engineering durable fixes
  • Perform threat modeling for new features and systems, translating risks into concrete engineering solutions
  • Develop automation to reduce manual security effort across vulnerability management, access reviews, and incident response
  • Conduct secure design and code reviews with a strong focus on exploitable logic flaws and systemic risks
  • Build tooling to surface security signals from production systems and dev workflows
  • Fulltime
Read More
Arrow Right

Product Security Engineer

We are looking for a highly skilled PSIRT Engineer to lead the vulnerability res...
Location
Location
United States , Foster City
Salary
Salary:
180000.00 - 325000.00 USD / Year
replit.com Logo
Replit
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience running or triaging for bug bounty programs (HackerOne ideally)
  • Strong ability to triage, validate, and reproduce vulnerabilities independently
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals
Job Responsibility
Job Responsibility
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels
  • Independently validate, reproduce, severity-score, and document findings
  • Identify duplicates and maintain a clean vulnerability records pipeline
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC)
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses
  • Track SLAs, remediation progress, regression testing, and systemic improvements
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance
  • Design and evolve the bug bounty program, including scope, rules, and reward structures
  • Manage platform selection, private vs. public launches, and community engagement
What we offer
What we offer
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Security Team is responsible for providing key security capabilities coverin...
Location
Location
Germany
Salary
Salary:
Not provided
clickhouse.com Logo
ClickHouse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind
Job Responsibility
Job Responsibility
  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering - security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business
What we offer
What we offer
  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly
  • Healthcare - Employer contributions towards your healthcare
  • Equity in the company - Every new team member who joins our company receives stock options
  • Time off - Flexible time off in the US, generous entitlement in other countries
  • A $500 Home office setup if you’re a remote employee
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites
Read More
Arrow Right

Senior Security Engineer and Principal Security Engineer (Multiple Positions)- Windows Security

The Microsoft Windows Security team is looking for learn-it-all security enginee...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related field
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related field
  • OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements are required for this role
  • Microsoft Cloud Background Check
Job Responsibility
Job Responsibility
  • Participate in security reviews to identify and mitigate risk in Microsoft products, including design reviews, code reviews, and fuzzing
  • Be the security contact for teams building new innovative products and technologies in the next version of Windows and devices
  • Identify security vulnerabilities in a wide variety of key OS features such as network protocols, security features, and Microsoft devices
  • Leverage a broad and current understanding of security to devise new protections
  • Interact with the external security community and security researchers
  • Collaborate with product teams to improve security, and articulate the business value of security investments
  • Fulltime
Read More
Arrow Right

Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security...
Location
Location
United States , New York, NY; San Francisco, CA; Seattle, WA; Washington, DC
Salary
Salary:
237600.00 - 297000.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated ability to drive multi-month security initiatives independently, from problem definition through execution, without requiring significant direction
  • Proven experience as a Security Engineer with a focus on product security
  • Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes
  • Strong understanding of modern Javascript application design
  • Production experience operating and securing AWS infrastructure at scale
  • Hands-on experience with SAST and DAST tools and methodologies
  • Familiarity with terraform orchestration for infrastructure management
  • You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders
  • Demonstrated ability to influence security strategies and drive improvements within a team
Job Responsibility
Job Responsibility
  • Leverage broad product security expertise to build and maintain software tooling that secures every layer of the modern AI/ML software ecosystem
  • Conduct in-depth code reviews to identify and remediate security vulnerabilities
  • Evaluate and enhance the security of our product offerings, through RFC and service review
  • Implement and maintain CI/CD pipelines with a strong focus on security
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code
  • Utilize terraform orchestration to ensure secure and efficient infrastructure management
  • Guide engineering teams to build robust long-term solutions that consider security and privacy
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact
  • Influence the security strategy and direction of the team, advocating for best practices and continuous improvement
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • learning and development stipend
  • generous PTO
  • commuter stipend
  • Fulltime
Read More
Arrow Right
New

Security Engineer, Product Security

Location
Location
Germany , Berlin
Salary
Salary:
Not provided
staffbase.com Logo
Staffbase
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Practical knowledge of security topics (e.g. penetration testing, secure software development, vulnerability management, SAST, DAST)
  • Programming knowledge, preferably one of the following: TypeScript, JavaScript, Kotlin, Java, Go, or Python
  • Practical knowledge of Unix basics and Kubernetes infrastructure, preferably managed via Terraform and Kustomize
  • Strong communication skills in English (German is a plus)
Job Responsibility
Job Responsibility
  • Take ownership of tasks that improve our security automation and strengthen our product security pipelines
  • Proactively explore the use of AI for vulnerability detection and remediation
  • Continuously learn and share knowledge about how vulnerabilities apply in our specific product context
  • Support the team by enhancing our services with software engineering solutions
  • Collaborate closely with stakeholders across the product department and gain broad exposure to how a growing SaaS company operates
  • Maintain our outbound e-mail security by regularly reviewing the related metrics
  • Maintain our Web Application Firewall ruleset
  • Maintain our central HTML sanitization service written in Typescript
What we offer
What we offer
  • Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we’re offering a company pension scheme
  • Volunteers Day - you’ll get one day off per year for supporting a social project
Read More
Arrow Right