CrawlJobs Logo

Staff Product Security Engineer

United States, Austin 255000.00 - 285000.00 USD / Year · Job Posted February 18, 2026
Apply Position
Job Link Share

Job Description

At Bumble, we’re building secure, AI-powered systems that make trust and safety intrinsic to every product experience. We’re looking for a Staff Product Security Engineer to lead the transformation of complex security requirements into intuitive, scalable, and developer-friendly solutions. In this role, you’ll sit at the intersection of Engineering, Product, and Compliance—designing frameworks and automation that make secure-by-design development seamless. You’ll empower engineers through innovative tooling, AI-driven enablement, and culture-shifting leadership that turns security into a core enabler of innovation.

Job Responsibility

  • Research, design, and deliver scalable security tools, frameworks, and automation that streamline secure development
  • Build developer-centric security experiences and self-service capabilities within engineering workflows
  • Leverage AI and Model Context Protocol (MCP) to create intelligent, context-aware security guidance and automation
  • Collaborate with Product and Engineering to embed security into design reviews, sprints, and roadmaps
  • Provide expertise across cloud-native, containerized, and service-oriented architectures (AWS, GCP, Kubernetes)
  • Partner with leaders across Engineering and Product to align security with developer velocity and experience

Requirements

  • 10+ years of experience in Application or Product Security
  • Proven expertise in secure software development, threat modeling, and SDLC integration
  • Hands-on experience building or integrating developer-facing security tools
  • Strong understanding of cloud and container security (AWS, GCP, Kubernetes)
  • Demonstrated ability to influence engineering practices and drive security adoption
  • Excellent communication skills and cross-functional leadership

Nice to have

  • Experience with AI security tooling, context-aware automation, or MCP-based architectures
  • Familiarity with workflow automation platforms (n8n, Make.com, Zapier, etc.)
  • Experience building agentic AI systems that work collaboratively
  • Understanding of AI privacy and governance in developer workflows
  • Strong coding background and pragmatic build-vs-buy decision-making

What we offer

  • Maven Fertility - $10,000 lifetime benefit opportunity for reproductive journey support
  • Family & compassionate paid leave
  • 26 weeks parental leave for primary caregiver
  • 26 weeks paid leave for secondary caregiver after 1 year of employment
  • Unlimited paid time off
  • Company-wide week off
  • Focus Fridays - no meetings, deadlines, emails, or Slack on Fridays

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Staff Product Security Engineer

8 matching positions

Staff Product Security Engineer

We’re seeking a Staff Product Security Engineer with deep AI/ML security experti...
Location
Location
United States , San Francisco
Salary
Salary:
250000.00 - 285000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8-10 years of deep hands-on experience in offensive security, including manual penetration testing, red team operations, and adversary simulation
  • Familiarity with modern C2 frameworks (e.g., Cobalt Strike, Sliver, Havoc), exploit development, and security research
  • Strong expertise across the AI/ML stack, including MLOps, inference architectures, vector databases, RAG, and agentic frameworks (e.g., ReAct, Reflexion)
  • Experience building, deploying, and securing LLM pipelines and AI workflows in Kubernetes and/or bare-metal environments
  • Strong software engineering foundations with experience shipping production code in Go, Python, or Rust
  • Hands-on experience securing Kubernetes, containers, VMs, and CI/CD environments
  • Deep understanding of application security vulnerabilities, secure coding practices, and distributed system design
  • Demonstrated ability to lead complex, cross-functional security initiatives end-to-end
  • Strong communication skills with the ability to influence both engineering teams and executive stakeholders
Job Responsibility
Job Responsibility
  • Performing advanced manual penetration testing across complex applications, infrastructure, Kubernetes environments, and distributed microservice ecosystems
  • Leading offensive security initiatives including red team operations, adversary simulation, and security research
  • Securing AI/ML systems end-to-end, including LLM pipelines, vector databases, RAG architectures, and agentic workflows
  • Identifying and researching novel attack surfaces unique to LLMs and autonomous systems, contributing to internal and external AI security research
  • Influencing secure system design across the SDLC, embedding security into CI/CD pipelines, container images, and deployment workflows
  • Integrating and operationalizing security tooling (SAST, DAST, SCA, container scanning) and driving remediation of complex application-layer vulnerabilities
  • Building internal security guardrails such as hardened base images, reusable libraries, and policy-as-code frameworks
  • Developing production-grade security tooling and leading cross-functional security programs from design through deployment
What we offer
What we offer
  • Bonus
  • Restricted Stock Units are included in all offers
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
Read More
Arrow Right

Staff Product Security Engineer - Customer Platform

We are seeking a seasoned and highly skilled Staff Product Security Engineer - C...
Location
Location
United States
Salary
Salary:
190000.00 - 260000.00 USD / Year
valon.ai Logo
Valon Tech
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years in progressive senior security engineering or architect level roles
  • 3+ years leading security design for enterprise-grade cloud and SaaS platforms
  • Bachelor's degree in Information Security, Computer Science, Technology or related field
  • Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
  • Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)
  • Hands-on experience with modern security technologies and tooling across cloud and application security
Job Responsibility
Job Responsibility
  • Define and evolve product security architecture and strategy for Valon’s multi-tenant SaaS platform
  • Architect and guide secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)
  • Build and maintain security reference architectures and standardized secure design patterns for product teams
  • Lead threat modeling, security design and code reviews for new features, services, and major architectural changes
  • Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks
  • Support vulnerability triage, remediation strategy, and root cause analysis for product security issues
  • Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence
  • Develop, implement, and enforce security policies, standards, and procedures
  • Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes
What we offer
What we offer
  • Competitive salary with a meaningful stake in the company via equity
  • 401k plan
  • Comprehensive medical, dental, & vision benefits
  • Pre-tax deductions for public transportation, rideshare services, and parking expenses
  • Company wide orientation
  • Learning & development opportunities including regular review cycles that feature 360 degree feedback
  • Quarterly budgets for team and company outings
  • Flexible paid time off
  • Sick days
  • 11 company holidays
  • Fulltime
Read More
Arrow Right

Staff+ Product Security Engineer

Verkada is transforming how organizations protect their people and places with a...
Location
Location
United States , San Mateo
Salary
Salary:
200000.00 - 300000.00 USD / Year
verkada.com Logo
Verkada
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor of Science in Computer Science degree or equivalent
  • Strong experience with AWS, GCP or other cloud service provider
  • 7 - 10+ years of experience as a security engineer, software engineer, site reliability engineer, or security consultant
  • Understanding of security weaknesses, exploits, attacks and mitigations
  • Experience and enthusiasm for learning about new security products, features, and strategies
  • Coding ability
  • Excellent collaborative skills
  • Outstanding written and verbal communication
  • Experience with most of the following: Security Development Lifecycle, Threat Modeling, Architecture Analysis, Technical Design Review, Security Code Review, Open Policy Agent, SIEM
Job Responsibility
Job Responsibility
  • Facilitate the security baked into our applications throughout the software development lifecycle
  • Evangelize software security best practices through training and information sharing
  • Partner closely with engineering and product teams to improve the security of Verkada’s products and exceed customers’ expectations
  • Explore innovative solutions to enable Verkada business instead of “Security says No”
  • Collaborate with other engineering leaders to define, communicate, and execute on goals, priorities and process
  • Set up security tooling and secure defaults to ensure software security best practices
  • Perform architecture analysis, threat modeling and technical design reviews of sensitive features and infrastructure
  • Create and operate a bug bounty program
  • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties
  • Collaborate with the CISO and security team to grow the broader Verkada security program
What we offer
What we offer
  • Healthcare programs that can be tailored to meet the personal health and financial well-being needs - Premiums are 100% covered for the employee under at least one plan and 80% for family premiums under all plans
  • Nationwide medical, vision and dental coverage
  • Health Saving Account (HSA) with annual employer contributions and Flexible Spending Account (FSA) with tax saving options
  • Expanded mental health support
  • Paid parental leave policy & fertility benefits
  • Time off to relax and recharge through our paid holidays, firmwide extended holidays, flexible PTO and personal sick time
  • Professional development stipend
  • Fertility Stipend
  • Wellness/fitness benefits
  • Healthy lunches provided daily
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product

At Rogo, we are building Wall Street's first true AI analyst. Our mission is to ...
Location
Location
United States , New York City
Salary
Salary:
Not provided
rogodata.com Logo
Rogo
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong backend engineer whose primary job is to design, build, and maintain the abstractions, tooling, and guardrails that allow the entire engineering team to ship product securely by default, without slowing down velocity
  • Worked as a backend engineer owning systems, services, or platforms, building security capabilities directly into those systems
  • Professional experience developing in a strongly typed language (e.g., Rust, C++, Java)
  • Demonstrated deep experience in application security testing, penetration testing, and code review
  • You’ve worked with, or are excited to learn, tools that help you understand how systems behave under stress or misuse (security-specific tools like Burp, ZAP, or Snyk are a plus)
  • You’ve integrated automated checks into CI/CD pipelines (SCA, SAST, DAST)
  • You’re comfortable working with infrastructure automation (Terraform or equivalents)
  • Strong communication skills and ability to collaborate with developers, product teams, and leadership
  • Applied knowledge of threat modeling, cryptography fundamentals, and vulnerability management
  • Understanding of security frameworks such as SOC 2, CIS Benchmarks, ISO 27001/42001, or NIST CSF
Job Responsibility
Job Responsibility
  • Drive product and application security by designing and building backend systems, abstractions, tooling, and guardrails that enable the entire engineering team to ship products secure-by-default
  • Design, build, and maintain backend features, frameworks, services, and automation that enforce security controls across the platform
  • Perform dynamic security reviews, threat modeling, and penetration testing of applications and APIs
  • Own the end-to-end implementation of automated security reviews within Rogo’s SDLC
  • Contribute directly to backend codebases by fixing and remediating vulnerabilities discovered via SAST, DAST, SCA, IaC, or internal tooling
  • Design and implement security tools and automated pipelines that streamline developer workflows and integrate deeply with Rogo’s platform
  • Build and maintain test environments and simulation ranges to validate security controls at scale
  • Partner with engineers across the company to embed secure coding practices and guardrails into CI/CD pipelines
  • Create and maintain secure coding standards and provide guidance and training to developers
  • Review and secure cloud infrastructure and kubernetes deployments, including hands-on Terraform and other IaC improvements, as it relates to product security
  • Fulltime
Read More
Arrow Right
New

Staff Security Engineer, Enterprise Security Architecture

Aurora’s mission is to deliver the benefits of self-driving technology safely, q...
Location
Location
United States , Detroit
Salary
Salary:
171000.00 - 273000.00 USD / Year
aurora.tech Logo
Aurora Innovation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of professional experience in Information Security, Enterprise Architecture, Security Engineering, or related technical leadership capacities
  • 5+ years specifically focused on designing enterprise-scale security architectures across diverse domains, including endpoint, network, infrastructure, vulnerability management, resilience, and enterprise platforms
  • Demonstrated success in developing enterprise security architecture strategies, reference architectures, and scalable technical standards
  • Extensive technical depth in Zero Trust principles, enterprise security frameworks, and modern backend or enterprise security architecture design patterns
  • Comprehensive knowledge of core enterprise security domains, including endpoint security, network security, PKI, enterprise vulnerability management, resilience, data protection, and governance integration
  • Proven ability to translate governance, compliance, and strategic business requirements into actionable technical architecture and implementation guidance
  • Experience representing security interests within architecture review boards, governance committees, or enterprise-wide design councils
  • Advanced familiarity with enterprise infrastructure, SaaS ecosystems, internal platforms, and the strategic integration of security tooling
  • Adept at evaluating technical tradeoffs, identifying scalability constraints, and assessing the long-term implications of enterprise security architecture decisions
  • Exceptional documentation skills, including the creation of detailed architecture diagrams, technical standards, and strategic narratives for executive leadership
Job Responsibility
Job Responsibility
  • Define and champion Aurora’s enterprise security architecture strategy, roadmap, and target-state operating model across enterprise and backend operational security domains
  • Develop enterprise security reference architectures, design patterns, and technical standards for endpoint security, network security, infrastructure security, enterprise vulnerability management, data protection, resilience, enterprise platforms, and security tooling
  • Translate security strategy, governance requirements, and business priorities into scalable technical architecture and implementation guidance
  • Partner with GRC to operationalize security policies, standards, and control objectives into practical enterprise security architectures
  • Support and influence Aurora’s broader Enterprise Architecture Committee by representing enterprise security priorities, technical standards, and strategic design principles
  • Participate in architecture review boards, design committees, and strategic planning forums to ensure enterprise security alignment across major initiatives
  • Architect secure solutions for workforce platforms, enterprise systems, internal infrastructure, and backend operational ecosystems using Zero Trust principles and modern security frameworks
  • Guide enterprise security design for endpoint security, network security, PKI, enterprise vulnerability management, BCP/DR, data security, enterprise infrastructure, and security tooling modernization
  • Provide architectural oversight for major enterprise security initiatives, ensuring scalability, interoperability, governance alignment, and reduced fragmentation
  • Partner with Security Engineering, GRC, Cloud Security, IT, Product Security, and IAM teams to align technical security capabilities while maintaining clear domain boundaries
What we offer
What we offer
  • Annual bonus
  • Equity compensation
  • Benefits
  • Fulltime
Read More
Arrow Right

Staff Security Software Engineer - Security Operations

The Role GM’s Cybersecurity Team safeguards the company’s global information ...
Location
Location
United States , Austin
Salary
Salary:
Not provided
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years in software engineering with a focus on distributed systems, security integrations, and data platforms
  • Deep expertise building event-driven, horizontally scalable services and contract-first APIs
  • Track record productizing AI in security workflows (multi-agent patterns, RAG at scale, evaluation harnesses, guardrails, red-teaming)
  • Cloud architecture depth (Azure/AWS/GCP), including networking, Kubernetes, service meshes, observability stacks, and IaC at scale
  • Data platform expertise: streaming (Kafka/Event Hub/PubSub), vector/search (pgvector/FAISS/Pinecone), schema/versioning, governance/lineage
  • Demonstrated org-wide influence: authored standards, drove cross-team adoption, led multi-quarter programs to successful outcomes
  • Exceptional communication with executives
  • ability to frame risk, ROI, and tradeoffs succinctly
Job Responsibility
Job Responsibility
  • Set the reference architecture for security data integration and AI orchestration (agents, policy-guard railed workflows, governance)
  • Lead cross-org programs that unify SIEM/EDR/IAM/SSPM/CSPM/ITSM/cloud data models and establish single sources of truth
  • Operationalize AI at scale with safety, privacy, and governance—including data retention, PII controls, model routing, evaluation, and fallback strategies
  • Drive cost/performance optimization (throughput, latency, storage tiering, vector index strategies) for high-volume security telemetry
  • Influence vendor strategy and negotiate integration roadmaps
  • guide build-vs-buy decisions and multi-year investments
  • Mentor/coach Staff/Senior engineers
  • build a culture of design excellence, pragmatic risk management, and measurable outcomes
  • Communicate upward with crisp executive narratives, metrics, and business impact framing
What we offer
What we offer
  • Relocation benefits
  • Fulltime
Read More
Arrow Right