**Description**
**Responsibilities**
- Own and mature the product security program, including security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering enablement.
- Lead security architecture reviews and secure design initiatives across backend services, web applications, mobile applications, APIs, and remote devices.
- Review source code and application architecture to identify security vulnerabilities, insecure patterns, and operational risks.
- Partner closely with Engineering, DevOps, QA, Infrastructure, and Product teams to integrate security into the software development lifecycle.
- Establish and enforce secure coding standards, development guidelines, and security best practices.
- Mentor and guide software engineers on secure development practices and remediation strategies.
- Perform threat modeling and risk assessments for new and existing products and infrastructure.
- Assist in incident response investigations, root cause analysis, and remediation planning.
- Evaluate third-party libraries, frameworks, and dependencies for security and operational risks.
- Collaborate with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening.
- Drive vulnerability management efforts, including prioritization, remediation guidance, and validation.
- Help define and implement logging, monitoring, and security alerting strategies.
- Partner with external security consultants and vendors on penetration testing and security assessments.
- Promote a security-first engineering culture across the organization.
**Requirements**
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
- 7+ years of experience in software engineering, application security, product security, or cybersecurity engineering.
- Strong understanding of secure application architecture and modern security practices for web, mobile, cloud, and distributed systems.
- Hands-on experience reviewing source code and identifying security vulnerabilities.
- Experience with OWASP Top 10, secure coding standards, authentication/authorization models, API security, and vulnerability remediation.
- Experience securing cloud-native environments in AWS, Azure, or GCP.
- Strong understanding of CI/CD pipelines, DevSecOps practices, container security, and infrastructure security.
- Experience with threat modeling, penetration testing coordination, and incident response processes.
- Ability to mentor engineers and influence technical direction across multiple teams.
- Strong analytical, communication, and leadership skills.
**Preferred Qualifications**
- Experience with unattended retail, IoT, edge devices, kiosks, payment systems, or embedded Linux environments.
- Knowledge of PCI, security compliance frameworks, and enterprise risk management.
- Experience with observability and monitoring tools such as Datadog, Splunk, Instana, or similar platforms.
- Experience working with AI-assisted development tools and understanding emerging AI-related security risks.
- Relevant industry certifications such as CISSP, CSSLP, OSCP, or cloud security certifications.