Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Collective

Product Security Engineer

Collective

Product Security Engineer building Collective's application security program with AI focus. Driving vulnerability remediation and security testing integration in a fintech environment.

Posted 7/17/2026full-timeSan Francisco • California • 🇺🇸 United StatesMid-LevelSenior💰 $170,000 - $200,000 per yearWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in application security engineering, with a focus on SAST, DAST, and SCA tooling integrated into CI/CD processes. Capable of driving vulnerability remediation and fostering collaboration with product engineers to enhance security posture in a fintech environment.

Highest-signal resume keywords
Application Security EngineeringSAST, DAST, SCA ToolingVulnerability RemediationCI/CD IntegrationLLM and AI Automation

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Vulnerability AssessmentSecurity Posture ImprovementCode ReviewPython/Django DevelopmentThreat Modeling
Soft Skills
Clear CommunicationCollaborationProduct EmpathyPersistence
Tools & Technologies
SemgrepCodeQLBanditOWASP ZAPBurp Suite
Industry Keywords
FintechSensitive Financial DataVulnerability LandscapeSecurity Feedback

Tech Stack

Tools & technologies
AWSDjangoPython

About the role

Key responsibilities & impact
  • Build and operate an agentic application security program: the full testing stack — SAST, DAST, and software composition analysis (SCA) — integrated into CI/CD, LLM-based triage that separates real findings from noise, and automated security review of pull requests — so security feedback arrives in minutes, not review cycles.
  • Drive vulnerability remediation end to end: triage and rate findings from scanners, penetration tests, and researchers; route fixes to owning teams; track them to closure against SLAs; and verify that fixes actually close the hole.
  • Eliminate vulnerability classes at the root: ship secure defaults, paved-path libraries, and framework-level fixes so the easy way to write a feature is also the safe way — targeted, well-scoped code changes in the product codebase.
  • Lead threat modeling and security review for new features and platform changes, engaging with product engineers early in design rather than at the end — and automate the practice over time, so threat models are living documents that agents draft and update as the system changes rather than point-in-time artifacts.
  • Tune and evolve the program's signal quality: new rules, better prompts, fewer false positives — treating the agentic pipeline itself as a product you iterate on.
  • Stay current on the vulnerability landscape relevant to a fintech platform handling sensitive financial and tax data, and translate what matters into concrete program changes.

Requirements

What you’ll need
  • 4+ years of security engineering experience with real depth in application security: you know the major vulnerability classes cold — how they're introduced, exploited, and durably fixed — and you've improved the security posture of a production platform, not just reported on it.
  • Hands-on experience with SAST, DAST, and SCA tooling and CI/CD integration — Semgrep, CodeQL, Bandit, OWASP ZAP, Burp Suite, or equivalent — including the judgment to know which findings matter.
  • Genuine enthusiasm for building with LLMs and AI agents: you've used them to automate security work (or are visibly on your way there), you can write and evaluate the prompts and workflows that make agentic tooling reliable, and you treat AI as leverage rather than a threat to the craft.
  • Enough software engineering skill to make confident, well-scoped changes in a production codebase — reading unfamiliar code, shipping a paved-path library, fixing a vulnerability pattern across a service (we run Python/Django on AWS). Building large systems from scratch is not the center of this role; landing precise changes in someone else's code is.
  • Experience driving remediation through teams you don't manage: clear writeups, severity calls you can defend, and the persistence to get fixes over the line without burning relationships.
  • Product empathy: security feedback that engineers act on is feedback shaped for how they work — you optimize for fixed vulnerabilities, not filed tickets.

Benefits

Comp & perks
  • Hybrid Work Model: Based in San Francisco with a balance of in-office and remote flexibility.
  • Fresh Lunch: Provided on in-office days.
  • Commuter Support: $150 monthly reimbursement for transit expenses.
  • Health & Wellness: $200 quarterly reimbursement to support your well-being.
  • Time Off: Flexible PTO plus 14 company holidays.
  • Comprehensive Coverage: 100% medical, dental, and vision for employees; 75% coverage for dependents.
  • Parental Leave: 16 weeks fully paid.
  • Retirement & Ownership: 401k plan plus an equity package.
  • Team Connection: Quarterly virtual events and an annual in-person summit.