Sr Product Security Engineer
The Role
We're hiring a Senior Product Security Engineer to build and operate the modern security tooling pipeline that underpins everything our Product Security team does. You'll establish and maintain the SDLC security infrastructure using Claude Code Security, Codex Security, GitHub Advanced Security, Wiz CLI, and integrated tooling that gives engineering teams fast, reliable security feedback on every commit, every PR, and every release.
You bring an automation-first mindset. When you see a manual security review process, your instinct is to build a workflow that handles the repeatable parts and surfaces only the decisions that need a human. You'll design and operate product security reviews with human-in-the-loop checkpoints, ensuring coverage scales with the engineering organization without becoming a bottleneck.
You'll be a trusted partner to engineers. That means your tooling works reliably, your findings are accurate, your integrations respect their workflow, and when something breaks or creates noise, you fix it fast. You'll partner closely with Security Testers, Architects, the TPM, and engineering teams across the product portfolio.
You'll also support product incident response when security issues arise, working alongside the broader Product Security team to investigate, scope, and remediate.
What You’ll Do
- SDLC Security Pipeline: Build and maintain the product security tooling pipeline integrated across the software development lifecycle. Implement and tune Claude Code Security, Codex Security, GitHub Advanced Security (code scanning, secret scanning, Dependabot), and Wiz CLI across repositories and CI/CD pipelines. Own the configuration, policy enforcement, and continuous improvement of these tools so engineering teams get accurate, actionable security feedback at the speed of development.
- Automated Security Reviews: Design and operate automated product security review workflows with human-in-the-loop checkpoints. Use Claude and LLM platforms to automate initial review triage, risk classification, and recommendation generation, escalating to Security Architects or senior engineers for decisions that require judgment. The goal is for every change to get appropriate security review coverage without manual review becoming the bottleneck.
- Tooling Integration & Engineering Experience: Ensure security tooling integrates cleanly into engineering workflows: GitHub PRs, CI/CD pipelines, IDE plugins, and developer dashboards. Reduce false positives, tune rulesets to the product's actual risk profile, and build feedback loops so findings improve over time. You own the engineering experience of security tooling. When a developer interacts with a security gate, it should be clear, fast, and useful.
- AI-First Automation: Leverage Claude Code Security, Codex Security, and LLM platforms to build automation that scales security engineering. This includes automated code review triage, vulnerability pattern detection, fix suggestion generation, policy-as-code enforcement, and security review summarization. Contribute reusable prompts, skills, and plugins back to the Product Security team's shared library.
- Product Incident Response Support: Support product incident response alongside the Product Security team. Help investigate security incidents affecting products, scope impact, coordinate with engineering on emergency fixes, and contribute to post-incident reviews and improvements.