World is building a real human network designed to accelerate people in the age of AI. As a Product Security Engineer, you will be a hands-on technical leader responsible for safeguarding the products and services that power the World project, embedding security into every stage of the development lifecycle.
Responsibilities:
- Lead secure architecture reviews and threat modeling sessions for new application and cloud services
- Engineer and implement automated security guardrails and reusable libraries to make the secure path the easy path for developers
- Perform deep-dive, security-focused code and infrastructure reviews in languages like Rust, Go, and Python
- Own the vulnerability management process, from triaging bug bounty submissions to driving remediation efforts with engineering teams
- Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing engineering organization
Requirements:
- 12+ years of hands-on experience in Product Security, Application Security, or Cloud Security
- Proficient in code review and development in languages like Rust, Go, and Python
- Extensive experience securing modern AWS architectures and developing secure infrastructure-as-code (e.g., Terraform and CDK)
- Expert in leading threat modeling sessions and providing actionable guidance to engineering teams
- Strong background in implementing and managing security tooling (SAST, DAST, SCA) and embedding security into CI/CD pipelines
- Deep understanding of web and API security principles (OWASP Top 10) and experience securing distributed, mobile-first systems
- Experience scaling a security champions program
- Expertise in Kubernetes (EKS) and container security
- Particular interest in securing mobile applications or smart contracts