Key skills
AWSCloudSDLCAIMLLLMCI/CDRisk ManagementPenetration TestingCloud Security
About this role
Role Overview
- Support in executing a comprehensive product security strategy that aligns with the company's goals and risk appetite.
- You will work hands on across code, infrastructure, and CI/CD to create agents, services and pipelines that detect, prevent and remediate risks leveraging AI where it adds value.
- Design, build and operate security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD.
- Perform Manual Design and Implementation Reviews of Greenlight products and services from a security perspective.
- Establish and enforce secure development standards (i.e. API security, Security patterns, IaC, etc.) and best practices across the organization.
- Serve as SME on the practical security of our AI and LLM ecosystem. Lead threat modeling exercises for novel AI systems applying advanced security and privacy best practices.
- Leverage automations and tools to continuously test, fuzz and validate products and platform components for security issues.
- Perform Penetration testing and retesting to validate fixes.
- Responsible for triaging findings from security researchers and leading incident response for PSIRT.
- OnCall support for incident response and lead product-related security events and vulnerabilities.
- Foster a culture of security awareness and ownership across the Engineering and Product organizations.
- Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.
Requirements
- 5+ years of experience finding security vulnerabilities, security code reviews and knowledge of secure code development for the technology stack at Greenlight.
- 2-4 years experience with the threat modeling process and ability to find design problems based on technical architecture and data flow diagrams.
- Experience with exploiting common security vulnerabilities
- Deep technical knowledge of web and mobile application security, common vulnerabilities, secure coding practices, common exploit mitigations and secure architecture patterns.
- Experience integrating or building AI-powered tools to assist with vulnerability detection, code review or threat modeling.
- Experience creating software that enables security processes especially those leveraging AI/ML for automation or augmentation.
- End to end experience on implementing and managing tools for Product Security (i.e. API Security, Mobile Protection, SAST, runtime scanning, etc.)
- Experience with software development and automation that enables security processes. Deep technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications.
- Hands-on experience with security tools for SAST, DAST, IAST, and penetration testing. Fuzzing skills are good to have.
- Skilled in scripting, automation and exploit writing.
- Strong understanding of cloud security principles in AWS environments.
- Strong product sense for rapid iteration and refinement based on data, combined with a collaborative mindset to work closely with engineers, product managers, and security analysts in a fast-paced environment.
Tech Stack
- AWS
- Cloud
- SDLC
Benefits
- Greenlight is an equal opportunity employer
- Committed to an inclusive work environment
- Reasonable accommodations available for hiring process