CrawlJobs Logo

Software Engineer, Product Security

United States, San Francisco 240000.00 - 290000.00 USD / Year · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

Millions of people use Notion — and this number is increasing every day. Our users depend on us to deliver a secure and trustworthy experience, and we value this more than anything. In this role, we are looking for a founding member of an elite security engineering team that is responsible for all aspects of ensuring the security of our platform and users. You will be one of Notion’s foremost security expert, understanding the full attack surface of our product and working with a broad range of teams to secure it.

Job Responsibility

  • Help scale the engineering organization and mentor engineers on best practices in secure software design and architecture
  • enable the growth of Notion’s business by building a secure foundation that earns the trust of Notion’s users
  • design, implement, and (where possible) automate a software development life cycle that balances good vulnerability and risk detection coverage with developer velocity
  • act as a liaison for multiple stakeholders across product, engineering, go to market, and security ops / compliance, to guide and prioritize the right security investments
  • participate in security assessments and advise on on both internal and customer security and privacy needs (e.g. SOC2, ISO 27001, GDPR, penetration testing, enterprise asks)

Requirements

  • Security architecture and expertise: experience building systems to secure and monitor cloud architectures
  • experience in threat modeling
  • experience securing a cloud-based infrastructure (e.g. AWS)
  • experience designing a secure development life cycle (design reviews, CI / CD integrations, bug bounty program)
  • experience in application security consulting
  • experience in secure library and framework development
  • experience in vulnerability discovery and response
  • experience implementing core security features like authentication to detecting and mitigating malicious activity
  • experience in offensive thinking (e.g. pentesting, red teaming)
  • experience debugging systems in production
  • pragmatic and business-oriented
  • not ideological about technology
  • empathetic communication
  • team player
  • curious and willing to adopt AI tools

Nice to have

  • Experience responsible for maintaining continuous controls and participating in audits in relation to customer facing certifications (like SOC2)
  • experience leading engineering teams with a security focus
  • experience managing, maintaining, and monitoring systems using technologies like Amazon Web Services, Datadog, Postgres, Redis, Memcached, and Elasticsearch

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Software Engineer, Product Security

8 matching positions

Software Engineer, Security (Product)

We're looking for a Full Stack Engineer to join our Product Security team. You'l...
Location
Location
Sweden , Stockholm
Salary
Salary:
Not provided
lovable.dev Logo
Lovable
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of full-stack engineering experience shipping production-grade products at high velocity
  • Deep, fluent command of React/TypeScript on the frontend and Golang on the backend
  • An instinct for quality that shows in every PR, every design decision, and every line of code you write
  • Strong product sense: you can take something complex and make it feel simple for the user
  • Experience building security-adjacent features (audit flows, compliance tooling, scanner interfaces, or similar) is a strong plus
  • Familiarity with AI/LLM-powered tooling, or a background that involved dense algorithmic or systems work
Job Responsibility
Job Responsibility
  • Build security product features end-to-end: audit flows, security scanner UI, cookie banner fixes, and compliance tooling
  • Ship across the full stack as part of a tight-knit team of 2-3 engineers
  • Own your work completely, from the first commit to production
  • Hold a high bar on code quality, and actively raise it around you
  • Influence technical direction and product strategy with strong opinions
  • Fulltime
Read More
Arrow Right

Senior Product Security Software Engineer

Crusoe is building the infrastructure for the next era of AI and high-performanc...
Location
Location
United States , San Francisco
Salary
Salary:
175000.00 - 215000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience shipping production software with strong system design skills
  • Deep expertise in Golang and Node.js/JavaScript, with experience building and debugging distributed systems
  • Hands-on experience securing gRPC services, REST APIs, and microservice architectures
  • Strong background implementing authentication and authorization systems using OAuth2, OIDC, SAML, JWT, and RBAC/ABAC models
  • Production experience with application security tooling (SAST, DAST, SCA) and CI/CD integration (e.g., Semgrep, OWASP ZAP, Burp, GitLab)
  • Knowledge of runtime application security and observability tools
  • Solid understanding of cloud-native and containerized environments (Docker, Kubernetes) and network security fundamentals
  • Strong grasp of OWASP Top 10, secure coding practices, cryptography, and secure design principles
Job Responsibility
Job Responsibility
  • Design and build secure frameworks and patterns for high-performance AI workflows, agents, and models to protect our clients
  • Create reusable security patterns for product microservices, focusing on service-to-service authorization, API security, and multi-tenant data isolation that scales across product lines
  • Create developer-facing tools and automation that catch security issues early in the development cycle without slowing teams down
  • Perform security reviews, penetration tests, code reviews, and system design reviews for Crusoe’s fleet of SaaS offerings
What we offer
What we offer
  • Restricted Stock Units in a fast growing, well-funded technology company
  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
  • Employer contributions to HSA accounts
  • Paid Parental Leave
  • Paid life insurance, short-term and long-term disability
  • Teladoc
  • 401(k) with a 100% match up to 4% of salary
  • Generous paid time off and holiday schedule
  • Cell phone reimbursement
  • Tuition reimbursement
  • Fulltime
Read More
Arrow Right
New

Security Engineer, Product Security

Location
Location
Germany , Berlin
Salary
Salary:
Not provided
staffbase.com Logo
Staffbase
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Practical knowledge of security topics (e.g. penetration testing, secure software development, vulnerability management, SAST, DAST)
  • Programming knowledge, preferably one of the following: TypeScript, JavaScript, Kotlin, Java, Go, or Python
  • Practical knowledge of Unix basics and Kubernetes infrastructure, preferably managed via Terraform and Kustomize
  • Strong communication skills in English (German is a plus)
Job Responsibility
Job Responsibility
  • Take ownership of tasks that improve our security automation and strengthen our product security pipelines
  • Proactively explore the use of AI for vulnerability detection and remediation
  • Continuously learn and share knowledge about how vulnerabilities apply in our specific product context
  • Support the team by enhancing our services with software engineering solutions
  • Collaborate closely with stakeholders across the product department and gain broad exposure to how a growing SaaS company operates
  • Maintain our outbound e-mail security by regularly reviewing the related metrics
  • Maintain our Web Application Firewall ruleset
  • Maintain our central HTML sanitization service written in Typescript
What we offer
What we offer
  • Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we’re offering a company pension scheme
  • Volunteers Day - you’ll get one day off per year for supporting a social project
Read More
Arrow Right

Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security...
Location
Location
United States , New York, NY; San Francisco, CA; Seattle, WA; Washington, DC
Salary
Salary:
237600.00 - 297000.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated ability to drive multi-month security initiatives independently, from problem definition through execution, without requiring significant direction
  • Proven experience as a Security Engineer with a focus on product security
  • Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes
  • Strong understanding of modern Javascript application design
  • Production experience operating and securing AWS infrastructure at scale
  • Hands-on experience with SAST and DAST tools and methodologies
  • Familiarity with terraform orchestration for infrastructure management
  • You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders
  • Demonstrated ability to influence security strategies and drive improvements within a team
Job Responsibility
Job Responsibility
  • Leverage broad product security expertise to build and maintain software tooling that secures every layer of the modern AI/ML software ecosystem
  • Conduct in-depth code reviews to identify and remediate security vulnerabilities
  • Evaluate and enhance the security of our product offerings, through RFC and service review
  • Implement and maintain CI/CD pipelines with a strong focus on security
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code
  • Utilize terraform orchestration to ensure secure and efficient infrastructure management
  • Guide engineering teams to build robust long-term solutions that consider security and privacy
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact
  • Influence the security strategy and direction of the team, advocating for best practices and continuous improvement
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • learning and development stipend
  • generous PTO
  • commuter stipend
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
Read More
Arrow Right

Staff Security Software Engineer - Security Operations

The Role GM’s Cybersecurity Team safeguards the company’s global information ...
Location
Location
United States , Austin
Salary
Salary:
Not provided
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years in software engineering with a focus on distributed systems, security integrations, and data platforms
  • Deep expertise building event-driven, horizontally scalable services and contract-first APIs
  • Track record productizing AI in security workflows (multi-agent patterns, RAG at scale, evaluation harnesses, guardrails, red-teaming)
  • Cloud architecture depth (Azure/AWS/GCP), including networking, Kubernetes, service meshes, observability stacks, and IaC at scale
  • Data platform expertise: streaming (Kafka/Event Hub/PubSub), vector/search (pgvector/FAISS/Pinecone), schema/versioning, governance/lineage
  • Demonstrated org-wide influence: authored standards, drove cross-team adoption, led multi-quarter programs to successful outcomes
  • Exceptional communication with executives
  • ability to frame risk, ROI, and tradeoffs succinctly
Job Responsibility
Job Responsibility
  • Set the reference architecture for security data integration and AI orchestration (agents, policy-guard railed workflows, governance)
  • Lead cross-org programs that unify SIEM/EDR/IAM/SSPM/CSPM/ITSM/cloud data models and establish single sources of truth
  • Operationalize AI at scale with safety, privacy, and governance—including data retention, PII controls, model routing, evaluation, and fallback strategies
  • Drive cost/performance optimization (throughput, latency, storage tiering, vector index strategies) for high-volume security telemetry
  • Influence vendor strategy and negotiate integration roadmaps
  • guide build-vs-buy decisions and multi-year investments
  • Mentor/coach Staff/Senior engineers
  • build a culture of design excellence, pragmatic risk management, and measurable outcomes
  • Communicate upward with crisp executive narratives, metrics, and business impact framing
What we offer
What we offer
  • Relocation benefits
  • Fulltime
Read More
Arrow Right

Senior Security Software Engineer - Security Operations

The Role GM’s Cybersecurity Team safeguards the company’s global information ass...
Location
Location
United States , Warren
Salary
Salary:
125200.00 - 158600.00 USD / Year
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-7 years in software security engineering
  • advanced proficiency in modern programming languages
  • Expert in API development, microservices, event streaming, and idempotent integration patterns
  • Experience deploying software using any modern CI/CD pipeline and automated delivery practices
  • Hands-on with security tooling integrations (e.g., SIEM, EDR, SSPM)
  • Proven AI integration experience: LLM agents, embeddings, vector databases, RAG, prompt engineering
  • Cloud proficiency (Azure/AWS/GCP) and IaC (Terraform/Bicep/ARM/CloudFormation)
  • Data engineering fluency: ETL/ELT, schema design, normalization/enrichment
  • formats (JSON, YAML, syslog, STIX/TAXII)
  • Excellent cross-functional communication
Job Responsibility
Job Responsibility
  • Own architecture & delivery for complex integration services (APIs, microservices, event-driven workflows) with production SLIs/SLOs
  • Build AI-driven workflows (RAG, summarization, classification, agents) that augment investigations, triage, and orchestration
  • Create reusable connectors bridging SIEM/EDR/IAM/SSPM/ITDR/ITSM and cloud telemetry with robust error handling, retries, and DLQs
  • Implement security automation (SOAR-like playbooks) that enrich alerts and trigger deterministic + AI-assisted responses
  • Harden and observe services with CI/CD, automated testing, performance profiling, metrics, and incident runbooks
  • Mentor engineers and lead technical design reviews, coding standards, and reference implementations
  • Translate requirements into clear epics/roadmaps
  • align stakeholders and deliver on time with quality
What we offer
What we offer
  • medical
  • dental
  • vision
  • Health Savings Account
  • Flexible Spending Accounts
  • retirement savings plan
  • sickness and accident benefits
  • life insurance
  • paid vacation & holidays
  • incentive pay program based on company, job level, and individual performance
  • Fulltime
Read More
Arrow Right