Valon is a Series C company building an AI-native operating system for regulated finance, focusing on mortgage servicing. They are seeking a seasoned Staff Product Security Engineer - Customer Platform to ensure the security of their systems, cloud infrastructure, and products, while collaborating with various teams to implement secure capabilities in their SaaS platform.
Responsibilities:
- Define and evolve product security architecture and strategy for Valon’s multi-tenant SaaS platform
- Architect and guide secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)
- Build and maintain security reference architectures and standardized secure design patterns for product teams
- Lead threat modeling, security design and code reviews for new features, services, and major architectural changes
- Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks
- Support vulnerability triage, remediation strategy, and root cause analysis for product security issues
- Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence
- Develop, implement, and enforce security policies, standards, and procedures
- Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes
Requirements:
- 8+ years in progressively senior security engineering or architect-level roles, with 3+ years leading security design for enterprise-grade cloud and SaaS platforms
- Bachelor's degree in Information Security, Computer Science, Technology or related field
- Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
- Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)
- Hands-on experience with modern security technologies and tooling across cloud and application security
- Extensive experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilities
- Strong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred)
- Proven experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs)
- Expertise in designing secure platform controls (e.g., APIs, service-to-service auth, encryption/KMS/CMEK, logging/monitoring)
- Demonstrated ability to build and maintain security reference architectures
- Expert-level experience leading threat modeling and security design reviews including security-focused code reviews
- Applied knowledge of industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
- Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independently
- Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
- Prior software engineering experience and/or coding ability (Python) is preferred
- Experience working in high-growth or startup environments is a plus