Principal Product Security Engineer

365id

Principal Product Security Engineer developing and managing security programs at 365 Retail Markets. Leading secure design initiatives and mentoring software engineers in secure practices.

Posted 6/9/2026full-timeRemote • 🇺🇸 United StatesLeadWebsite

Tech Stack

Tools & technologies

AWSAzureCloudCyber SecurityDistributed SystemsGoogle Cloud Platform

About the role

Key responsibilities & impact

Own and mature the product security program, including security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering enablement.
Lead security architecture reviews and secure design initiatives across backend services, web applications, mobile applications, APIs, and remote devices.
Review source code and application architecture to identify security vulnerabilities, insecure patterns, and operational risks.
Partner closely with Engineering, DevOps, QA, Infrastructure, and Product teams to integrate security into the software development lifecycle.
Establish and enforce secure coding standards, development guidelines, and security best practices.
Mentor and guide software engineers on secure development practices and remediation strategies.
Perform threat modeling and risk assessments for new and existing products and infrastructure.
Assist in incident response investigations, root cause analysis, and remediation planning.
Evaluate third-party libraries, frameworks, and dependencies for security and operational risks.
Collaborate with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening.
Drive vulnerability management efforts, including prioritization, remediation guidance, and validation.
Help define and implement logging, monitoring, and security alerting strategies.
Partner with external security consultants and vendors on penetration testing and security assessments.
Promote a security-first engineering culture across the organization.

Requirements

What you’ll need

Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
7+ years of experience in software engineering, application security, product security, or cybersecurity engineering.
Strong understanding of secure application architecture and modern security practices for web, mobile, cloud, and distributed systems.
Hands-on experience reviewing source code and identifying security vulnerabilities.
Experience with OWASP Top 10, secure coding standards, authentication/authorization models, API security, and vulnerability remediation.
Experience securing cloud-native environments in AWS, Azure, or GCP.
Strong understanding of CI/CD pipelines, DevSecOps practices, container security, and infrastructure security.
Experience with threat modeling, penetration testing coordination, and incident response processes.
Ability to mentor engineers and influence technical direction across multiple teams.
Strong analytical, communication, and leadership skills.

Benefits

Comp & perks

Health insurance
Flexible work arrangements
Professional development

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

secure application architecturesource code reviewvulnerability remediationthreat modelingincident responsepenetration testingcloud securityCI/CD pipelinesDevSecOps practicescontainer security

Soft Skills

mentoringcommunicationleadershipanalytical skillsinfluencing technical direction

Certifications

Bachelor’s degree in Computer ScienceBachelor’s degree in CybersecurityBachelor’s degree in Engineering