Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Cherry

Staff Product Security Engineer

Cherry

Product Security Engineer embedding in engineering team at a FinTech, securing products from development to deployment. Monitoring threats and educating engineers on security principles.

Posted 4/30/2026full-timeRemote • 🇺🇸 United StatesLeadWebsite

Tech Stack

Tools & technologies
AWSCloudSDLC

About the role

Key responsibilities & impact
  • Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform.
  • Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes.
  • Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products.
  • Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security.
  • Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks.
  • Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities.
  • Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection.
  • Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence.
  • Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization.
  • Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.

Requirements

What you’ll need
  • 5+ years of experience in product security, application security, or a related security engineering role.
  • Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management.
  • Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code.
  • Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation.
  • Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines.
  • Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders.
  • Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment.
  • Nice to Have: Penetration testing experience, familiarity with payment industry security, experience at a FinTech, healthcare technology, or other regulated-industry company.

Benefits

Comp & perks
  • Competitive Base + Bonus
  • Generous equity grant
  • Medical, vision, and dental benefits
  • Fully remote company
  • Flexible PTO

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
product securityapplication securityauthenticationauthorizationOAuth 2.0OIDCJWTSAMLRBACABAC
Soft Skills
communicationcross-functional collaborationmentoringsecurity ownership