Job Description We’re looking for a Product Security Engineer to join our team and help champion the security of our platform. We don't expect you to be a "unicorn" who knows everything on day one; instead, we are looking for someone with a strong foundation in application security who is eager to learn and grow. In this role, you will act as a bridge between security and engineering. You will start by focusing on hands-on security testing and code review, and with the support of senior team members, you will gradually expand your scope to include architecture reviews, automated tooling, and strategic security initiatives. What You’ll Do (and learn to do) Application Security Testing: Perform security assessments and code reviews on our web apps, mobile apps, and APIs. You will combine manual testing with automated tooling to validate security controls against industry standards. Vulnerability Disclosure & Management: Triage incoming reports from bug bounties, vulnerability disclosures, and external penetration tests. You will help manage the intake process and work towards establishing a formal Bug Bounty program in the future. Secure Software Development Lifecycle (SSDLC): Assist in integrating security tooling (SAST, DAST, SCA) into our CI/CD pipelines (AWS/GitHub). You will help tune these tools to ensure high-fidelity alerts for our developers. Threat Modeling Support: Partner with senior security engineers and product teams to participate in threat modeling sessions. You will learn to identify architectural flaws and logic vulnerabilities in the design phase. Developer Enablement: Collaborate with engineering teams to advocate for secure coding practices. You will help build "paved roads"—secure defaults and libraries—that make it easier for developers to write secure code in Kotlin and Python. Cloud Security Basics: Gain exposure to securing infrastructure-as-code and AWS environments, helping ensure our microservices architecture remains resilient.