Audit Data Search, Inc.Remote
Application Security Engineer - Product
United States
Full Time
1 hour ago
H1B Sponsored
Key skills
C#C++CGoSwiftKotlinRustAIGenAIAgenticOAuthiOSAndroidSDLCCommunicationPenetration Testing
About this role
Audit Data Search, Inc. is a leading digital media and technology company seeking a Principal Technical Product Security Engineer to build a flagship product. The role involves partnering with engineering teams to drive secure-by-design practices for complex client applications and influencing security strategies early in the software development lifecycle.
Responsibilities:
- Lead secure architecture reviews and threat modeling for complex client-side applications
- Partner directly with engineers on design decisions, code reviews, and remediation, including guidance on secure implementation
- Guide product developers in crafting products to be robust against misuse and abuse - with the lowest friction possible
- Drive security for desktop and mobile applications across modern OS environments (Windows, macOS, Linux, iOS, Android)
- Advise on OS-level security controls, including sandboxing, privilege separation, IPC, and secure local storage
- Embed security into the SDLC through tooling, secure patterns, and developer education
- Support vulnerability remediation and incident response in thick client environments
- Influence security strategy across a high-impact product area
- Oversee, coach and mentor more junior members of the team
Requirements:
- 10+ years of experience in product / application security, with demonstrated ownership at the system or product level
- Bachelor's Degree in a related field, Master's Degree highly preferred
- Deep, hands-on experience securing thick client / native applications (desktop and/or mobile)
- Strong understanding of OS security models, including sandboxing, IPC, local storage protections, and secure use of platform APIs
- Proficiency in GenAI security, Agentic AI, modern cryptography, certificate management, secure authentication (OAuth, WebAuthn, FIDO2), and secure session handling
- Hands-on experience with secure coding practices in at least one systems language (C++, Rust, Go) and one application language (Kotlin, Swift, C#)
- Familiarity with static/dynamic analysis tools, fuzzing, penetration testing, and reverse engineering for client applications
- Experience embedding security into the SDLC (threat modeling, code reviews, secure design patterns)
- Ability to manage incident response and vulnerability remediation for thick client environments
- Strong cross-team communication skills and ability to write clear developer-facing security guidelines
- Ability to work directly with engineers and provide practical, actionable remediation guidance and clearly communicate ideas and solutions
- Experience securing large-scale consumer products
- Background in systems-level or client-side security research