Movable InkRemote
Product Security Engineer
United States
Part Time
5 hours ago
$170,000 - $200,000 USD
H1B Sponsor Likely
Key skills
JavaScriptPythonGoRubyAIGitHub ActionsGitHubCI/CDCommunicationSnykOWASP
About this role
Movable Ink is a company that scales content personalization for marketers through data-activated content generation and AI decisioning. They are hiring a Product Security Engineer to help secure their codebases, CI/CD pipelines, and development practices, balancing security with the need for efficient software delivery.
Responsibilities:
- Implement and maintain static application security testing (SAST) using Semgrep across our repositories
- Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies
- Manage secrets detection scanning (Trufflehog) and respond to findings
- Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged
- Triage and prioritize vulnerability findings, working with engineering teams to drive remediation
- Support dynamic application security testing (DAST) efforts using tools like ZAP
- Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation
- Set up and configure automation scripts to support our vulnerability management practices
- Document secure coding guidelines and help educate developers on security best practices
- Evaluate and recommend new security tools as the landscape evolves
Requirements:
- 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role
- Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)
- Familiarity with CI/CD pipelines and GitHub Actions
- Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them
- Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)
- Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings
- Strong written communication skills for documentation and customer-facing security responses
- Self-motivated and able to manage competing priorities in a fast-paced environment