Mirantis

Senior Product Security Engineer

full-time

Location Type: Remote

Location: Remote • 🇨🇿 Czech


Job Level

Senior

Tech Stack

Cloud, Go, Kubernetes, Python, SDLC, Terraform

About the role

  • Secure Products & Infrastructure: Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines to align with internal security standards and regulatory frameworks (e.g., SOC 2, ISO 27001).
  • Drive adoption of modern security tooling and practices including SAST, DAST, container image scanning, Infrastructure as Code (IaC) security, and dependency analysis.
  • Offensive Security & Vulnerability Management: Lead vulnerability assessments, application security reviews, and penetration tests.
  • Triage and prioritize findings, collaborating with product and engineering teams to drive timely and measurable remediation.
  • Proactively identify and exploit vulnerabilities to strengthen product security posture.
  • Incident Response Support: Partner with Security Operations and Engineering to investigate application and infrastructure vulnerabilities. Contribute to root cause analysis, remediation plans, and long-term risk reduction.
  • Compliance & Assurance: Support security reviews, audits, and compliance initiatives through documentation, evidence collection, and coordination with external auditors or vendors.
  • Cross-Product Security Coverage: Build and maintain security expertise across multiple Mirantis products to strengthen team resilience, provide flexible coverage, and help shape a scalable, sustainable Product Security program.
  • Security Advocacy & Enablement: Champion secure design and development practices, provide actionable guidance during security reviews, and drive security automation efforts across the SDLC.

Requirements

  • 5+ years of experience in product security, application security, or a related security engineering role.
  • Strong understanding of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25) and secure development best practices.
  • Demonstrated experience performing offensive security activities such as manual penetration testing, threat modeling, and exploitation of vulnerabilities.
  • Hands-on experience with security testing and automation, including: SAST/DAST tooling and pipelines, container image scanning (e.g., Trivy, Grype, Anchore), IaC security (e.g., Terraform, Helm, KICS, Checkov), and dependency and supply chain security tooling.
  • Familiarity with vulnerability scanning and management tools, application security testing, and manual review techniques.
  • Experience with containerized environments, Kubernetes, and cloud platforms.
  • Proven ability to integrate security controls into CI/CD pipelines and automate security testing as part of the SDLC.
  • Excellent collaboration and communication skills, with the ability to work closely with product and engineering teams.
  • Experience with SOC 2, ISO 27001, or similar compliance frameworks is a plus.
  • Relevant certifications such as OSCP, OSEP, OSWE, or SANS/GIAC certifications (e.g., GPEN, GWEB, GWAPT, GCSA), or other equivalent offensive security and application security credentials are strongly preferred.
  • Proficiency in scripting or programming languages (e.g., Go, Python or similar) is an advantage.

Benefits

  • Work with an established Silicon Valley leader in the cloud infrastructure industry.
  • Work with exceptionally passionate, talented and engaging colleagues, helping Fortune 500 and Global 2000 customers implement next-generation cloud technologies.
  • Be a part of cutting-edge, open-source innovation.
  • Thrive in the high-energy environment of a young company where openness, collaboration, risk-taking, and continuous growth are valued.
  • Professional development and training.
  • Attend conferences and working groups.
  • Customized workstation (macOS, Windows).
  • A competitive compensation package with a strong benefits plan and stock options.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
product security, application security, penetration testing, threat modeling, vulnerability assessment, security testing, automation, scripting, programming languages, secure development best practices

Soft skills
collaboration, communication, problem-solving, leadership

Certifications
OSCP, OSEP, OSWE, SANS/GIAC, GPEN, GWEB, GWAPT, GCSA