Product Security Engineer (Application Security Focus)

About the Role

We are looking for a hands-on engineer responsible for improving the security posture of our software systems by continuously identifying, prioritizing, and resolving vulnerabilities across our application stack.

What You'll Do

• Monitor and remediate vulnerabilities in application dependencies (Python, Node.js, React/Next.js, etc.).
• Upgrade libraries and frameworks while ensuring system stability.
• Maintain and optimize Docker images to reduce security risks.
• Perform container and dependency scanning using tools such as Mend, or similar.
• Integrate security checks into CI/CD pipelines.
• Run and validate tests locally and in CI to ensure upgrades do not break functionality.
• Collaborate with engineering teams to safely roll out updates.
• Maintain visibility into security posture and recommend improvements.

What We're Looking For

• Strong experience with JavaScript/Node.js and/or Python ecosystems.
• Experience with dependency management (npm, pip, etc.).
• Familiarity with Docker and container security best practices.
• Experience with vulnerability scanning tools (Mend, Dependabot, etc.).
• Understanding of CI/CD pipelines (GitHub Actions).
• Ability to troubleshoot breaking changes from library upgrades.
• Strong attention to detail and ownership mindset.

Nice to Haves

• Experience with Kubernetes environments and Terraform.
• Knowledge of OWASP Top 10.
• Experience implementing security policies in CI/CD.