Home
Jobs
Saved
Resumes
Senior Product Security Engineer at Mirantis | JobVerse
JobVerse
Home
Jobs
Recruiters
Companies
Pricing
Blog
Jobs
/
Senior Product Security Engineer
Mirantis
Remote
Website
LinkedIn
Senior Product Security Engineer
United States
Full Time
1 day ago
H1B Sponsor
Apply Now
Key skills
Cloud
Kubernetes
Python
SDLC
Terraform
Go
Helm
CI/CD
Leadership
Communication
Collaboration
Trivy
OWASP
Penetration Testing
About this role
Role Overview
Secure Products & Infrastructure: Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines.
Embed security requirements aligned with SOC 2, ISO 27001, and internal standards.
Drive adoption and operationalization of SAST, DAST, container scanning, IaC security, and dependency analysis tooling.
Integrate automated security testing into the SDLC to enable secure-by-design development.
Offensive Security & Vulnerability Management: Lead application security reviews, threat modeling, vulnerability assessments, and penetration testing.
Validate and prioritize findings based on exploitability and business impact.
Partner with engineering teams to ensure timely, measurable remediation.
Proactively identify and demonstrate security weaknesses to improve overall product resilience.
Incident Response & Risk Reduction: Support investigation of product and infrastructure security incidents.
Contribute to root cause analysis and durable remediation strategies.
Identify systemic control gaps and implement long-term risk mitigation measures.
Compliance & Assurance: Support product-level security reviews and audit activities.
Coordinate evidence collection and control validation for SOC 2, ISO 27001, and enterprise requirements.
Translate compliance requirements into actionable engineering controls.
Cross-Product Security Leadership: Develop and maintain security expertise across multiple Mirantis products.
Standardize security practices and tooling across teams.
Strengthen program scalability and reduce single-point-of-failure risk.
Security Advocacy & Enablement: Champion secure design principles and modern application security practices.
Provide actionable guidance during architecture and code reviews.
Drive continuous improvement and automation across the SDLC.
Requirements
5+ years of experience in product security, application security, or security engineering.
Strong knowledge of common vulnerabilities (OWASP Top 10, SANS Top 25) and secure development practices.
Demonstrated experience with manual penetration testing, threat modeling, and exploitation techniques.
Hands-on experience with security tooling and automation, including: SAST / DAST tooling and CI/CD integration
Container image scanning (e.g., Trivy, Grype, Anchore)
IaC security (e.g., Terraform, Helm, KICS, Checkov)
Dependency and software supply chain security tools
Experience with vulnerability management platforms and remediation workflows.
Experience working with containerized environments, Kubernetes, and cloud platforms.
Proven ability to integrate and automate security controls within CI/CD pipelines.
Strong collaboration and communication skills across engineering and product teams.
Experience supporting SOC 2, ISO 27001, or similar compliance frameworks.
Relevant certifications (OSCP, OSEP, OSWE, GPEN, GWEB, GWAPT, GCSA) strongly preferred.
Proficiency in scripting or programming (Go, Python, or similar) is a plus.
Tech Stack
Cloud
Kubernetes
Python
SDLC
Terraform
Go
Benefits
Competitive compensation package
Strong benefits plan
Apply Now
Home
Jobs
Saved
Resumes