BeyondTrust

Senior Product Security Engineer

BeyondTrust

full-time

Posted on:

Location: 🇺🇸 United States

Visit company website
AI Apply
Apply

Job Level

Senior

Tech Stack

AWSCloudCyber Security

About the role

  • Perform hands-on security testing and validation of web applications, APIs, and cloud-native services.
  • Conduct in-depth penetration testing, code reviews, and manual validation to supplement automated tooling.
  • Lead threat modeling exercises and provide actionable guidance to engineering teams on risk mitigation.
  • Identify and triage vulnerabilities, validate fixes, and ensure remediation is effective.
  • Manage and coordinate third-party penetration tests, ensuring findings are tracked to closure.
  • Provide expertise on web and API security standards (e.g., OWASP Top 10, API Security Top 10).
  • Partner with developers and architects to drive secure coding practices and security-by-design principles.
  • Leverage security testing tools (SAST, DAST, SCA, IAST) while prioritizing manual validation of high-risk areas.
  • Collaborate with DevOps/Platform teams to ensure security controls are embedded in CI/CD pipelines without creating friction.
  • Support internal security awareness and champion security best practices across product teams.

Requirements

  • 5+ years of progressive experience in Application & Product Security with direct hands-on testing/validation.
  • Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, and common attack vectors.
  • Proficiency with penetration testing methodologies and tools (Burp Suite, Postman, custom scripts, etc.).
  • Strong knowledge of secure coding practices and common vulnerabilities (OWASP Top Ten, API Security Top Ten, CWE).
  • Experience with application security testing tools (SAST, DAST, SCA) combined with manual exploit validation.
  • Understanding of cloud security best practices (preferably AWS).
  • Strong analytical and problem-solving skills; ability to assess risk and drive practical remediation.
  • Excellent communication skills with both technical and non-technical stakeholders.
  • Ability to thrive in an ambiguous, fast-paced environment and take ownership of deliverables.
  • Experience with mobile application security testing. (Nice to have)
  • Familiarity with container security and infrastructure-as-code scanning. (Nice to have)
  • Professional certifications (OSWE, OSCP, GWAPT, CISSP, CSSLP, or equivalent). (Nice to have)
  • Experience working with bug bounty programs or vulnerability disclosure programs. (Nice to have)
  • Must be based in North America / Remote within Canada or United States.