Mirantis is the Kubernetes-native AI infrastructure company, enabling organizations to build and operate scalable, secure, and sovereign infrastructure for modern AI, machine learning, and data-intensive applications. The Senior Product Security Engineer will help secure Mirantis' products and services, implementing security controls and collaborating with engineering teams to ensure a secure software development lifecycle.
Responsibilities:
- Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines
- Embed security requirements aligned with SOC 2, ISO 27001, and internal standards
- Drive adoption and operationalization of SAST, DAST, container scanning, IaC security, and dependency analysis tooling
- Integrate automated security testing into the SDLC to enable secure-by-design development
- Lead application security reviews, threat modeling, vulnerability assessments, and penetration testing
- Validate and prioritize findings based on exploitability and business impact
- Partner with engineering teams to ensure timely, measurable remediation
- Proactively identify and demonstrate security weaknesses to improve overall product resilience
- Support investigation of product and infrastructure security incidents
- Contribute to root cause analysis and durable remediation strategies
- Identify systemic control gaps and implement long-term risk mitigation measures
- Support product-level security reviews and audit activities
- Coordinate evidence collection and control validation for SOC 2, ISO 27001, and enterprise requirements
- Translate compliance requirements into actionable engineering controls
- Develop and maintain security expertise across multiple Mirantis products
- Standardize security practices and tooling across teams
- Strengthen program scalability and reduce single-point-of-failure risk
- Champion secure design principles and modern application security practices
- Provide actionable guidance during architecture and code reviews
- Drive continuous improvement and automation across the SDLC
Requirements:
- 5+ years of experience in product security, application security, or security engineering
- Strong knowledge of common vulnerabilities (OWASP Top 10, SANS Top 25) and secure development practices
- Demonstrated experience with manual penetration testing, threat modeling, and exploitation techniques
- Hands-on experience with security tooling and automation, including:
  - SAST / DAST tooling and CI/CD integration
  - Container image scanning (e.g., Trivy, Grype, Anchore)
  - IaC security (e.g., Terraform, Helm, KICS, Checkov)
  - Dependency and software supply chain security tools
- Experience with vulnerability management platforms and remediation workflows
- Experience working with containerized environments, Kubernetes, and cloud platforms
- Proven ability to integrate and automate security controls within CI/CD pipelines
- Strong collaboration and communication skills across engineering and product teams
- Experience supporting SOC 2, ISO 27001, or similar compliance frameworks
- Relevant certifications (OSCP, OSEP, OSWE, GPEN, GWEB, GWAPT, GCSA) strongly preferred
- Proficiency in scripting or programming (Go, Python, or similar) is a plus