Greenlight Financial Technology is the leading family fintech company on a mission to help parents raise financially smart kids. They are seeking a Senior Staff Product Security Engineer to define the technical vision for product security and drive large-scale security initiatives across the engineering organization.
Responsibilities:
- Define and lead the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements
- Serve as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership
- Drive a company-wide culture of security ownership, embedding security thinking deeply into the habits of every engineering team
- Architect and continuously evolve a best-in-class Product Security program, spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security
- Lead the design and enforcement of secure development standards across web, mobile, and cloud, including secure coding guidelines, IaC policies, and API security frameworks
- Identify and drive resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform
- Lead and mature Greenlight's penetration testing program, both through internal efforts and external vendor partnerships
- Partner with engineering and platform teams to build security-enhancing product features that protect our customers' financial data
- Establish and lead incident response processes for product-level security events, including root cause analysis and systemic remediation
- Evaluate and introduce emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape
- Mentor staff and senior engineers across the security and engineering organizations, raising the overall security engineering capability of the company
Requirements:
- 12+ years of experience in product security, application security, or a related engineering discipline
- Proven track record of defining and driving security programs at scale across complex, multi-platform environments
- Hands-on experience architecting and implementing security solutions and processes in production environments, enabling engineering teams to build and ship securely at scale
- Expert-level knowledge of web and mobile application security, including OWASP Top 10, API security, and mobile threat vectors (iOS and Android)
- Deep hands-on experience with the full AppSec toolchain: SAST, DAST, IAST, SCA, secrets scanning, and runtime protection
- Strong command of cloud security architecture and controls, particularly in AWS environments
- Experience leading or heavily influencing the security architecture of distributed, microservices-based systems
- Experience in developing and implementing security solutions
- Demonstrated ability to build strong cross-functional relationships and influence engineering culture without direct authority
- Exceptional communication skills — you can distill complex security risk into clear, actionable language for engineers, executives, and non-technical stakeholders alike
- Experience operating in regulated industries (e.g. financial services, fintech, healthcare)
- Hands-on certifications such as OSCP, GWAPT, GPEN, CISSP, or equivalent — and/or public code/research. Share your GitHub or any public security work with us!
- Experience building or scaling Product Security programs in high-growth startup environments
- Familiarity with security tools such as Burp Suite or Kali Linux