Product Security Engineer
Posted May 10 · 0 applicants
The role in plain words
This Product Security Engineer is responsible for embedding security considerations early in the development lifecycle, developing and maintaining Zenity's application security program, and managing SAST and DAST tooling. The role also includes monitoring and enforcing SDLC security controls, developing a cloud security program, and partnering with DevOps to design and implement a secure CI/CD pipeline. In addition, the engineer will provide guidance to engineering teams, lead automation in product and cloud security, and identify and address security gaps.
- Five (5) + years of experience in Engineering / Security Engineering
- comfortable with Kubernetes, Helm, and Terraform
- comfortable with Python and Typescript
- Three (3) + years of experience in an Application Security/Product Security focused role
- led AppSec focused “Security Review” programs
Who it suits
The role suits engineers with five or more years of experience in engineering/security engineering, including at least three years in a role focused on application/product security. Two years of experience managing enterprise-wide security projects are also required, as well as proficiency in Kubernetes, Helm, Terraform, Python and Typescript. The role is less suited to those without proven experience leading security review programs and managing vulnerability remediation campaigns.
Full job description
Original posting · kept for reference

About Us

Zenity is the first and only holistic platform built to secure and govern AI Agents from buildtime to runtime. We help organizations defend against security threats, meet compliance, and drive business productivity. Trusted by many of the world’s F500 companies, Zenity provides centralized visibility, vulnerability assessments, and governance by continuously scanning business-led development environments. We recently raised $38 million in a Series B funding, solidifying our position as a leader in the industry and enabling us to accelerate our mission of securing AI Agents everywhere.

Responsibilities

- Own, maintain, and continuously improve the Secure Design Review process, ensuring security considerations are integrated early in the development lifecycle.
- Develop, implement, and maintain Zenity’s Application Security Program, including controls, standards, developer enablement, and automation.
- Manage SAST and DAST tooling, including configuration, integrations, alerting, developer workflows, and program-wide reporting.
- Monitor and enforce SDLC security controls, ensuring consistent application of secure development practices across all engineering teams.
- Develop and maintain Zenity’s Cloud Security Program, defining guardrails, policies, and automated controls for secure-by-default cloud deployments.
- Manage CSPM tooling, including configuration, findings triage, reporting, and alignment with internal risk and compliance processes.
- Partner with DevOps to design, implement, and maintain a fully secured CI/CD pipeline, ensuring that security checks, guardrails, and automated gates are embedded throughout build, test, and deployment stages.
- Collaborate closely with engineering teams to deliver actionable guidance, model threats, advise on architecture, and support secure implementations.
- Drive automation-first approaches to product and cloud security, reducing friction and enabling fast, safe development.
- Define and track KPIs, metrics, and reporting for application and cloud security health.
- Identify gaps in product, application, and cloud security posture and drive end-to-end remediation plans.
- Promote a culture of security and developer empowerment by delivering clear, pragmatic, and scalable guidance.

Requirements:

- Five (5) + years of experience in Engineering / Security Engineering
- We build solutions when faced with a capability gap
- You’re very comfortable with Kubernetes, Helm, and Terraform
- You’re very comfortable with Python and Typescript
- Three (3) + years of experience in an Application Security/Product Security focused role
- You’ve led AppSec focused “Security Review” programs
- You’ve led CloudSec focused “Secure Design” reviews
- You’ve led multiple vulnerability management campaigns to mitigate Cloud and Application security risks
- Two (2) + years of experience managing enterprise wide security projects
- You have a strong opinion on what a “project plan” doc should look like
- You’ve owned and delivered the migration or deployment of an AppSec focused security tool (SAST, DAST, ASPM, etc.)
Questions about the job
- The posting did not state a salary. We show a salary only when the employer publishes it.
- Hybrid
- Five (5) + years of experience in Engineering / Security Engineering, comfortable with Kubernetes, Helm, and Terraform, comfortable with Python and Typescript, Three (3) + years of experience in an Application Security/Product Security focused role, led AppSec focused “Security Review” programs