Omilia - Conversational Intelligence

Senior Product Security Analyst

Omilia - Conversational Intelligence

full-time

Posted on:

Location Type: Remote

Location: United States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AWSCloudMicroservicesSDLC

About the role

  • We are seeking a highly capable and pragmatic Senior Product Security Analyst to safeguard our products, platforms, and customers as we scale.
  • This is a senior individual contributor role with clear accountability and decision-making authority, responsible for independently identifying, assessing, and driving resolution of security risks across the product lifecycle.
  • Reporting to the Director, Product Security, you will act as the primary application and product security owner for assigned products, partnering closely with engineering, product management, cloud, and platform teams.
  • You will embed application-focused security practices into design and delivery, exercise sound technical and risk judgment in release decisions, and play a key role in advancing the maturity, consistency, and resilience of our product security capabilities in a fast-growing environment.
  • Act as the primary application and product security partner for assigned products and services, owning end-to-end security reviews from design through release.
  • Lead application-focused security assessments, including architecture reviews, threat modeling, and secure design validation for APIs, microservices, and SaaS platforms.
  • Independently assess security risk and approve, delay, or block releases when required, escalating decisions where business urgency or customer commitments necessitate alignment.
  • Provide authoritative, risk-based guidance to engineering teams, helping them understand not just what needs to be fixed, but also include security and risk context.
  • Own vulnerability triage and prioritization for assigned products, ensuring findings are contextualized based on exploitability, exposure, and business impact.
  • Interpret results from application security testing activities (SAST, DAST, SCA, manual reviews), translating technical findings into actionable remediation guidance.
  • Monitor relevant external threats, attack techniques, and vulnerability trends, proactively assessing applicability to products and platforms.
  • Support investigation and remediation of product- and application-related security incidents.
  • Partner with engineering, platform, and cloud teams to embed secure-by-design practices into the SDLC, with a strong emphasis on application-layer controls.
  • Apply hands-on technical judgment to validate engineering assumptions, challenge risk decisions, and ensure security controls are implemented effectively.
  • Contribute to the evolution of application security standards, guardrails, and review practices that scale across multiple product teams.
  • Support alignment of application and product security practices with applicable frameworks such as PCI DSS and GDPR, focusing on practical security outcomes rather than checkbox compliance.
  • Translate internal controls into actionable engineering requirements and support evidence collection for audits and assessments as needed.
  • Coordinate and support penetration testing, bug bounty programs, and third-party security assessments, ensuring timely remediation and risk closure.
  • Build trusted, durable relationships with product, engineering, cloud, platform, and CGRC teams.
  • Clearly articulate security risk, trade-offs, and remediation options to both technical and non-technical stakeholders.
  • Contribute to the long-term maturity of the product and application security program through pattern recognition, continuous improvement, and shared learning.

Requirements

  • 5+ years of experience in application security, product security, or a closely related domain.
  • Strong practical understanding of secure SDLC, application security principles (e.g., OWASP Top 10), threat modeling, vulnerability management, and security risk assessment.
  • Demonstrated experience owning end-to-end security reviews for applications or products, including release decision support.
  • Hands-on familiarity with application security testing approaches (SAST, DAST, SCA), with the ability to interpret findings and assess real-world risk.
  • Experience working with cloud-native SaaS environments, preferably AWS, including API driven and microservice based architectures.
  • Working knowledge of PCI DSS and GDPR, with experience translating security and compliance requirements into engineering practices.
  • Ability to apply independent technical and risk judgment, including challenging assumptions and driving remediation.
  • Strong communication skills, capable of engaging both engineers and business stakeholders.
  • Experience working in agile or iterative development environments.
  • Strong verbal and written communication skills in English.
  • Willingness to collaborate across distributed teams and time zones with reasonable flexibility.
  • Nice to have
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field.
  • Relevant certifications such as CCSP, CSSLP, AWS Certified Security, or AWS Solutions Architect.
  • Experience with manual application security testing, secure design reviews, or API security analysis.
  • Exposure to customer-facing SaaS platforms with regulatory or data protection requirements.
  • Familiarity with AI-enabled or data-intensive systems, including emerging application security and privacy considerations.
  • Experience contributing to the evolution of security standards, review patterns, or guardrails across multiple teams or products.
  • Background in quickly evolving organizations that rapidly scale and mature security and compliance practices.
Benefits
  • 📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
application securityproduct securitysecure SDLCthreat modelingvulnerability managementsecurity risk assessmentapplication security testingSASTDASTSCA
Soft Skills
independent technical judgmentrisk judgmentstrong communication skillscollaborationengagement with stakeholderspattern recognitioncontinuous improvementshared learningdecision-makingaccountability
Certifications
CCSPCSSLPAWS Certified SecurityAWS Solutions Architect