Security Product Manager
Role summary
A technology-driven financial services company is seeking a Senior Security Engineer specializing in Product Security/AppSec. This hands-on role involves collaborating with engineering teams to build secure systems, improve application security, and embed security into the development lifecycle within a highly regulated environment. Responsibilities include identifying and remediating vulnerabilities, conducting threat modeling and architecture reviews, securing CI/CD pipelines and cloud infrastructure, and building tools for security visibility. The ideal candidate has 5+ years of software or security engineering experience, strong application security expertise, and experience with AWS and distributed systems.
Senior Security Engineer (Product Security / AppSec)
Location:
NYC (Hybrid – 4 days/week) or Remote Eligible
Compensation:
$205,000 – $215,000 base + equity + bonus
About the Company
We are a
technology-driven financial services company
focused on helping individuals build wealth through investing, retirement solutions, and financial wellness products, including 401(k) offerings for small and mid-sized businesses.
Our team is deeply mission-driven, working to empower people to build wealth with confidence and ease. We foster a strong engineering culture with a focus on collaboration, innovation, and impact.
About the Role
The
Security Engineering team
acts as a trusted partner across the organization, working to ensure systems, products, and customer data remain secure in a highly regulated environment.
This is a
hands-on, product-focused security role
where you’ll collaborate closely with engineering teams to build secure systems, improve application security, and embed security into the development lifecycle.
You’ll work across modern cloud infrastructure and tooling while contributing directly to code and architecture decisions.
Tech Stack
- Languages: Ruby, JavaScript, Java, Python
- Cloud & Infra: AWS (EC2, RDS, S3, VPC), Kubernetes (EKS), Terraform, Helm
- Tooling: Datadog, CircleCI, Splunk
- Bonus: GraphQL, React, Postgres
What You’ll Do
- Lead and contribute to
product security initiatives
across engineering teams
- Partner with developers to
identify and remediate vulnerabilities
in production code
- Conduct
threat modeling, architecture reviews, and security assessments
- Secure modern systems including
CI/CD pipelines, cloud infrastructure, and web/mobile applications
- Build tools and processes that improve
security visibility and developer productivity
- Mentor engineers and promote
security best practices
across the organization
What We’re Looking For
- 5+ years of experience in
software engineering or security engineering
- Strong expertise in
application security (OWASP Top 10, CWEs, etc.)
- Experience identifying and exploiting
common vulnerabilities
, and implementing fixes
- Background working in a
product-driven environment
balancing business and security needs
- Experience building
distributed systems
using object-oriented languages
- Strong knowledge of
Linux systems and command line
- Hands-on experience securing
AWS cloud environments
Compensation & Benefits
- Competitive base salary ($205K–$215K NYC range)
- Equity + performance bonus
- Comprehensive health, dental, and vision coverage
- 401(k) with employer match
- Flexible PTO
- Additional benefits including FSA/HSA, commuter support, and more
Why This Role Stands Out
- True
product security ownership
(not just advisory)
- High-impact role in a
regulated fintech environment
- Modern, scalable tech stack
- Strong collaboration between
security and engineering
- Opportunity to stay
hands-on with code while driving strategy
If you want, I can also:
- Turn this into a
LinkedIn post version (short + punchy)
- Create a
more startup-style JD
vs enterprise tone
- Or tailor it for
different seniority levels (Staff / Lead)
