Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online. As a Senior Product Security Engineer, you will architect trust into Incode’s products by designing secure foundations and operationalizing product security throughout the software development lifecycle.
Responsibilities:
- Partner with engineering and product management teams to perform threat modeling, architecture & design, and code reviews. Assess security implications and requirements for the secure development of new systems, features, and technologies
- Provide hands-on remediation guidance to development teams and design security architecture, features and controls that keep our customers' data safe and preserve their privacy
- Build a security paved road through automation and tooling (SAST, SCA, MAST, IaC, DAST, Fuzzing, etc.) into the SDLC and CI/CD integrations that enables our developers to easily produce secure software
- Define, architect, build, improve and validate secure software supply chain and build provenance mechanisms
- Manage, triage, and provide support to external researchers in our vulnerability disclosure and bug bounty programs
- Provide proof of concept exploits, facilitate vulnerability remediation, and drive adherence to software security standards through policy as code
- You'll help scale the engineering organization and mentor engineers on best practices in secure software design and architecture
Requirements:
- Deep expertise in at least one domain: web application and browser security, mobile application security, applied cryptography, machine learning and artificial intelligence security, offensive security, cloud security, hardware security
- Expert level experience in software engineering for a SaaS product company
- Experience with a variety of security tooling, including: SAST, DAST, SCA, IaC Scanning, Image and Container Scanning, MAST, IAST, and offensive security and proxy tooling
- Deep expertise with common application security flaws, security controls, and common security libraries, and in identifying security issues through code review, threat modeling, penetration testing, and other techniques, both manually and with tools
- You are a strong communicator who is comfortable working cross-functionally, with a track record of delivering results and demonstrating strong ownership
- Extensive experience in the SaaS product development and security space; securing complex interconnected web and mobile applications and their architectures using Python, JavaScript, Swift, Java, C++, Kotlin, or any other modern language
- You enjoy collaborating cross-functionally to accomplish shared goals, and you care about learning, growing, and helping others to do the same
- Secure-by-Design Thinker – You embed security at the architecture stage, not as an afterthought. You think in systems and build scalable guardrails that make secure development the default
- Hacker-Minded Engineer – You know how to break software, model real-world threats, and translate offensive thinking into resilient product defenses
- Automation-First Builder – You operationalize security tooling across CI/CD and the software supply chain, reducing friction while raising the bar
- Influential Partner – You collaborate seamlessly with engineers and product leaders, translating technical risk into actionable guidance and elevating the security maturity of the entire organization