LaunchDarkly's Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform that engineers build with every day. The role focuses on threat modeling and cloud security posture, using automation and guidance to help developers move fast without sacrificing security.
Responsibilities:
- Lead threat modeling engagements on the features and services where the risk warrants it
- Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running
- Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup
- Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands
- Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives
- Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts
- Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them
Requirements:
- 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred
- Comfortable reading and critiquing pull requests in a modern stack. You don't need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps
- Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent)
- Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus
- Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations
- Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated
- Experience with developer tools, SaaS platforms, or feature management
- Bug bounty triage experience (HackerOne, Bugcrowd)
- Familiarity with Go, Python, or TypeScript
- Contributions to internal security tooling or open-source security projects