Senior Product Security Engineer – Customer Platform
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Product Security Engineer at Valon ensuring the security of SaaS platform architecture and customer-facing security capabilities. Collaborate with cross-functional teams to optimize security processes.
Responsibilities:
- Define and evolve product security architecture for Valon’s multi-tenant SaaS platform
- Support secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)
- Build and maintain security reference architectures and standardized secure design patterns for product teams
- Lead threat modeling, security design and code reviews for new features, services, and major architectural changes
- Design and build AI-assisted workflows that automate and accelerate product security areas
- Evaluate AI risks across internal and external applications
- Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks
- Support vulnerability triage, remediation strategy, and root cause analysis for product security issues
- Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence
- Develop, implement, and enforce security policies, standards, and procedures
- Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes
Requirements:
- Focused experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilities.
- Strong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred).
- Experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs).
- Expertise in designing secure platform controls (e.g., APIs, service-to-service auth, encryption/KMS/CMEK, logging/monitoring)
- Demonstrated ability to build and maintain security reference architectures.
- Strong experience leading threat modeling and security design reviews including security-focused code reviews.
- Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
- Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independently.
- Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders.
- Prior software engineering experience and/or coding ability (Python) is preferred.
- Experience working in high-growth or startup environments is a plus.
- 5+ years in security engineering roles focused on product, application, and/or cloud security
- Bachelor's degree in Information Security, Computer Science, Technology or related field
- Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
Benefits:
- Competitive salary with a meaningful stake in the company via equity, and 401k plan
- We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
- We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient
- Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback
- Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
- Flexible paid time off, sick days, and 11 company holidays
- 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition
Similar Jobs
Senior Security Engineer, Identity & Access Management
Senior Security Engineer designing and managing IAM systems for Valon’s workforce and customer authentication. Collaborating across teams to secure AI-powered capabilities and optimize security processes.
Head of Security, GRC
Head of Security GRC overseeing governance, risk, and compliance for Valon, an AI-native fintech startup. Ensuring security practices for customer data and regulatory requirements are met.
Senior Cloud Security Engineer
Senior Cloud Security Engineer responsible for securing a massive hybrid ecosystem for USPS. Implementing strategies for compliance, identity management, and threat detection in cloud environments.
Compliance/Security Officer
Compliance Officer overseeing comprehensive compliance program while ensuring adherence to federal and state laws. Leading policies, audits, and risk assessments in a healthcare context.
Director of Security
Director of Security responsible for information security and compliance for Crete Professionals Alliance. Leading a team, managing risk, and integrating security processes across the organization.
Security Engineer
Information Security Engineer managing endpoint defense, security awareness, and operations. Collaborating to enhance the security program within FMG's remote IT environment.
Security Tech Lead
Security Tech Lead managing information security initiatives to protect data and systems. Leading and supporting the adoption of secure practices across teams and gaining client trust.
Senior Supply Chain Security Engineer
Senior Supply Chain Security Engineer developing Docker's security-hardened images and managing Helm charts. Collaborating on upstream OSS projects and ensuring compatibility with Kubernetes and security guidelines.
Enterprise Security Engineer
Enterprise Security Engineer at Benchling focusing on building a security program and implementing zero trust strategies for sensitive data protection.
Head of Security Research
Head of Security Research leading a team of security experts at Dropzone AI. Overseeing threat intelligence, detection engineering, and building an elite security team.
Information Systems Security Manager
IT Security Manager leading security professionals to protect sensitive data and ensure compliance. Overseeing cybersecurity policies, incident response, and risk management frameworks.
IT Business Partner, Enterprise Solutions – Real Estate and Corporate Security Platforms
Business Partnering role focused on leading business analysis for Real Estate and Corporate Security technology at Fresenius Medical Care. Collaborating with business owners to define and manage digital strategy and roadmap.
Cybersecurity Engineer II
Mid-level Cybersecurity Engineer responsible for identity security and cloud platforms. Supporting compliance with CMMC and NIST across various government environments.
FP&A Director, Security
FP&A Director overseeing P&L accountability and financial analysis for Cobalt’s security business. Driving key operating decisions and contributing to M&A deals.
Senior Corporate Security Engineer
Corporate Security Engineer handling IT and cloud security for Juniper Square, focusing on threat detection, incident response, and security tooling management.
Security Engineer – Threat Detection
Security Engineer at Snowflake enhancing threat detection capabilities utilizing AI and automation, collaborating across Security and Engineering teams.
Senior AI Security Engineer, Cyber Architecture, OT and Engineering
Sr. Agentic AI Engineer designing, building, and operationalizing agentic AI systems at EY. Working on multi-agent frameworks and intelligent automation to enhance cybersecurity posture.
Senior Security Architect
Remote Sr. Security Architect at Alkami, enabling secure business practices with proactive security initiatives and collaboration across teams in a growing SaaS environment.
Information Security Officer
Information Security Officer at SmartestEnergy Limited shaping ISO 27001:2022 across a global business landscape. Driving governance, risk management, compliance, and security best practices in a collaborative environment.
Network Security Engineer
Network Security Engineer designing, implementing, and maintaining secure network infrastructures at SOFTSWISS. Strengthening corporate security and improving standards in iGaming services.