Bonterra exists to propel every doer of good to their peak impact, and they are seeking a Senior Product Security Engineer to enhance security within their software development lifecycle. The role involves collaborating with various teams to identify security risks, provide guidance, and implement security practices across Bonterra’s platforms.
Responsibilities:
- Lead threat modeling and security design reviews for assigned products and services
- Partner with product managers and engineering leads to help define practical security requirements and guardrails while reducing friction points
- Participate in the growth and evolution of the Security Champion program, helping enable and support secure development practices across the engineering teams
- Assess product architectures, data flows, and integrations to identify security risks and provide actionable recommendations for remediation
- Collaborate with teams to make informed, risk-based security decisions that consider real-world usage, customer impact, and business priorities
- Provide clear, actionable guidance to engineering teams on secure design and implementation patterns
- Review and triage security findings from internal testing, bug bounty programs, and third-party assessments
- Support vulnerability disclosure and coordinated response in collaboration with security and engineering partners
- Contribute to the development and adoption of secure-by-design patterns and reusable security components
- Contribute ideas, feedback, and implementation support toward product security metrics, practices, and roadmap initiatives under the guidance of senior security leadership
- Support DevOps and Application Security engineers by identifying gaps and assisting with improvements in existing DevSecOps workflows and CI/CD pipelines
- Help implement and maintain security tooling and automation for static analysis (SAST), dynamic analysis (DAST), and other automated security checks within the CI/CD workflows
- Participate in audits and assessments by providing technical input and evidence in coordination with Risk & Compliance teams
- Assist customer-facing teams with security reviews and questionnaires by providing technical context and documentation when requested
- Stay current on emerging threats, attack techniques, and industry best practices
Requirements:
- 5+ years of experience in product security, application security, or secure software engineering
- Strong understanding of product architecture, APIs, and distributed systems
- Experience performing threat modeling and security design reviews
- Ability to assess security risk in the context of product functionality, customer experience, and business impact
- Experience collaborating cross-functionally with product managers and engineering teams
- Ability to influence and guide partners through collaboration rather than authority
- Working knowledge of modern application development practices, CI/CD processes, and how security integrates into them
- Familiarity with security tools including SAST, DAST, SCA, and related DevSecOps controls
- Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10) and secure design principles
- Experience helping implement security controls and automation within CI/CD pipelines
- Strong communication skills with the ability to translate technical risks into clear, actionable guidance
- Experience supporting interactions with external stakeholders such as customers, auditors, or partners on security-related topics
- Familiarity with common compliance frameworks such as SOC 2, NIST, ISO 27001, PCI-DSS, and HIPAA
- Background in software engineering, DevOps, or system architecture
- Experience working with SaaS platforms in a product-focused environment
- Familiarity with secure cloud architecture and configuration, particularly in AWS environments