Runpod is the AI Developer Cloud, serving over one million developers with a platform for AI experimentation and deployment. They are seeking a Full Stack Security Engineer to secure their customer-facing products and internal services while ensuring the security of their software and user data.
Responsibilities:
- Product Security: Lead threat modeling, architecture reviews, and code reviews for our web applications, APIs, and microservices
- Vulnerability Remediation: Actively develop and commit code to fix security flaws in our Python, Go, or JavaScript/TypeScript codebases alongside the engineering team
- DevSecOps: Implement, tune, and manage security testing tools (SAST, DAST, SCA) within our CI/CD pipelines to catch vulnerabilities early in the SDLC
- Edge & Application Defense: Configure and manage application-layer security controls, including Web Application Firewalls (WAF), bot protection, and API gateways
- Security Championing: Provide security guidance, secure coding training, and standard operating procedures to development teams
- Compliance & Operations: Collaborate with operations to ensure product-level adherence to relevant frameworks (e.g., SOC 2, ISO 27001, GDPR) and participate in bug bounty triage
Requirements:
- 5+ years of experience in application security, product security, or as a software engineer with a heavy security focus
- Strong programming and code-review skills in languages like Python, Go, JavaScript/TypeScript, or similar modern stacks
- Deep understanding of web application vulnerabilities (OWASP Top 10), API security (REST/GraphQL), and modern authentication flows (OAuth, OIDC, JWT)
- Hands-on experience with offensive web security testing tools (e.g., Burp Suite, ZAP)
- Experience building and maintaining automated security pipelines (DevSecOps)
- Ability to translate complex security risks into actionable engineering tasks
- Relevant application security certifications (e.g., OSWE, GWAPT, CISSP)
- Experience securing cloud-native applications running on Kubernetes/Docker environments
- Background in managing bug bounty programs or coordinated vulnerability disclosures