Cybersecurity Engineer II, Product Security (REMOTE)

Position Purpose:

As a Product Security Engineer, you will act as a dedicated security partner for a specific business portfolio. You won’t just be finding bugs; you will be building a "Secure Flow" (paved path) that integrates security directly into the developer workflow. You will lead a portfolio to establish a scalable operating model, ensuring that every application—whether in-house, SaaS, or COTS—is visible, assessed, and secured.

Key Responsibilities:

• 100% Deliver Execution & Problem Solving - Collaborate with Enterprise Technology to configure and integrate cybersecurity systems that mitigate risk; Troubleshoot and quickly resolve escalated incidents; Design, build, configure, maintain, monitor cybersecurity threat defense capabilities and user access management; Coordinate integration and collaboration with managed security providers; Investigate and recommend corrective actions related to incidents

Direct Manager/Direct Reports:

• This position typically reports to Manager or Sr. Manager
• This position has 0 Direct Reports

Travel Requirements:

• No travel required.

Physical Requirements:

• Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Working Conditions:

• Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.

Minimum Qualifications:

• Must be eighteen years of age or older.
• Must be legally permitted to work in the United States.
• 3–5 years of experience in Product Security, Application Security (AppSec), or DevSecOps.
• Hands-on experience integrating and managing security scanning tools such as SAST, DAST, and secret scanning within CI/CD pipelines and source code repositories.
• Experience conducting threat modeling for applications and identifying design-level security risks.
• Ability to interpret security tool findings and partner with engineering teams to remediate Critical and High-risk vulnerabilities.
• Strong communication skills with the ability to clearly explain technical security risks to non-security stakeholders.

Preferred Qualifications

• Experience with SaaS Security Posture Management (SSPM) tools and validating security coverage across a SaaS application portfolio.
• Proficiency with formal threat modeling methodologies such as STRIDE, PASTA, or similar frameworks.
• Experience working closely with architects and engineering leaders to influence secure design decisions early in the development lifecycle.
• Demonstrated ability to build trusted relationships with engineering and product stakeholders and promote a “Secure from Start” mindset.
• Experience maintaining security metrics or scorecards and presenting security posture and remediation progress to leadership or portfolio stakeholders.
• Strong ability to position security as an enabler of developer velocity and business outcomes, not just risk reduction.

Minimum Education:

• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Preferred Education:

• No additional education

Minimum Years of Work Experience:

• 2

Preferred Years of Work Experience:

• No additional years of experience

Minimum Leadership Experience:

• None

Preferred Leadership Experience:

• None

Certifications:

• None

Competencies:

• Action Oriented
• Collaborates
• Communicates Effectively
• Customer Focus
• Drives Results