Senior Product Security Engineer

9 Hours ago • 4-6 Years

Job Summary

Job Description

The Product Security Engineer will ensure the security of the organization’s products throughout their lifecycle, focusing on protecting software, hardware, and firmware. Responsibilities include risk assessment and mitigation, secure development practices, incident response and management, security architecture and development, planning, collaboration, and training. The engineer will also communicate security and privacy risks, guide engineering teams, and integrate security tools into CI/CD pipelines. The role involves working with cross-functional teams to design and implement security controls. The job requires leading architectural changes, performing threat modeling, and ensuring compliance with industry standards.
Must have:
  • 4-6 years of experience in a Product Security role.
  • Bachelor’s degree in Computer Science or a related field.
  • Experience leading architectural changes to mitigate vulnerabilities.
  • Strong understanding of threat modeling methodologies.
  • Experience with Amazon AWS Services and MS Azure.
  • Experience securing web applications.
  • Experience with orchestration tools.
  • Automation scripting experience (e.g. Python).
  • Experience with frameworks such as OWASP Top 10 and CI/CD pipelines.
  • Fluency in Python, React, and Django.
  • Experience with manual source code review.
Good to have:
  • Certifications such as CISSP, CSSLP, or CEH.
  • Experience in IoT, embedded systems, or mobile app security.
  • Knowledge of regulatory and compliance standards.
Perks:
  • Welcoming, energizing, and world-class office (in Toronto).
  • Diverse learning experiences, educational allowances, and mentorship.
  • Investment in your health & wellness.
  • Fair compensation and office perks.

Job Details

We believe small businesses are at the heart of our communities, and championing them is worth fighting for. We empower small business owners to manage their finances fearlessly, by offering the simplest, all-in-one financial management solution they can't live without.


The Product Security Engineer is responsible for ensuring the security of our organization’s products throughout their lifecycle. This role focuses on protecting software, hardware, and firmware from vulnerabilities and cyber threats, aligning with business goals and compliance standards. This role also consults with security adjacent stakeholders and business units to provide suggestions, education, guidance and feedback from a security perspective.


Here’s How You Make an Impact:
  • Risk Assessment and Mitigation: Perform threat modelling application design solutions and vulnerability assessments to identify relevant risks, security gaps or risks in product design and development. Maintain documentation of security controls and processes. Prepare reports on security risks and mitigation efforts for management and regulatory bodies. Audit source code and perform code review for critical application changes. 
  • Secure Development Practices: Implement security tooling and automation to scale the Product Security team’s practices. Advocate for and integrate security best practices in the Software Development Lifecycle (SDLC). Conduct code reviews, penetration testing, and static/dynamic analysis. Ensure compliance with industry standards (e.g., AICPA SOC2, HIPAA, PCI DSS, SOX ISO 27001, NIST CSF). 
  • Incident Response and Management: Monitor and address security incidents impacting Wave products. Implement and manage SOAR solutions to improve incident response times and efficiency.
  • Security Architecture and Development: Working with product and engineering teams to design, program development, software development and implement security controls and protections within the product via automation. This task ensures the product is built with security in mind from the ground up. Integrate security tools and technologies into the CI/CD pipeline (e.g., static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and infrastructure-as-code (IaC) scanning).
  • Planning, Collaboration and Training: Product roadmap planning with key stakeholders, collaboration with cross functional teams to develop mitigation strategies. Working closely and mentor Product, Engineering, and IT teams for security best practices. Provide security training and awareness for developers and stakeholders.
  • Leadership and Communication: Effectively communicate security, privacy risks and best practices to both technical and non-technical audiences. Ability to guide and influence Wave engineering teams on security matters.


You Thrive Here By Possessing the Following:
  • 4-6 years of experience in a Product Security role.
  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  • Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities.
  • Strong understanding of: Threat modelling methodologies such as MITRE ATT&CK, STRIDE, and PASTA;
  • Amazon AWS Services, MS Azure, and their capabilities;
  • Securing web applications;
  • Orchestration tools (ex. Anisible, Terraform);
  • Automation scripting (e.g. Python, Django, etc.)
  • Experience with frameworks such as OWASP Top 10, SAST/DAST tools, and CI/CD pipelines.
  • Fluency in Python, React, and Django Rest Framework.
  • Experience with manual source code review, and embedding security to code in production environments.
  • Experience with deploying application security tools in the CI/CD pipeline.
  • Experience with securing software development lifecycle including building programs. that eliminate full classes of vulnerabilities.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and within a team.
  • Strong organizational and time-management abilities.

  • Preferred Qualifications
  • Certifications such as CISSP, CSSLP, CEH, or equivalent.
  • Experience in IoT, embedded systems, or mobile app security.
  • Knowledge of regulatory and compliance standards (e.g., AICPA SOC2, NIST CSF, GDPR, HIPAA)


At Wave, you’re treated like the incredible human being you are. 


Work From Where You Work Best: We will always have a welcoming, energizing, and world-class office (in Toronto) with a space for you. Or, if you’re more comfortable working from home, the choice is yours.

We Care About Future You: You will stretch yourself and you will grow at Wave. You will also be supported on this journey with diverse learning experiences, educational allowances, mentorship, and so much more.

We Support the Full You: We make a serious investment in your health & wellness. When we think about benefits we think about body, mind, & soul and we take this stuff very seriously. 

We Take Care of the Fundamentals: Fair compensation, all the office perks you’d want, and the various goodies you’d expect from a growing tech company. This is the obvious stuff, but we don’t want you to think we forgot!


We believe that a diverse and inclusive culture creates the best workplace. We embrace our differences, value individuality, and the broad spectrum of every Waver's skills and abilities. We challenge each other from a place of respect and pursuit of continuous growth. We trust each other and encourage everyone to bring their authentic selves to work, everyday. As Wavers, our voices matter, our opinions are met with an open mind. The best ideas win, no matter whose they are.  Contributing to an inclusive culture is a part of all of our job descriptions. 


We’ve been continuously recognized as one of Canada's Top Ten Most Admired Corporate Cultures and one of Canada’s Great Places to Work in categories including Technology, Millennials, Mental Health, Inclusion and Women.  


Are you ready to be a Waver? Join us!

Similar Jobs

Tide - Senior Engineer, Backend

Tide

Sofia, Sofia City Province, Bulgaria (Hybrid)
51 Minutes ago
Google - Senior Full-Stack UX Engineer, Google Ads

Google

New York, New York, United States (On-Site)
2 Weeks ago
Acceldata - Lead SDET

Acceldata

Bengaluru, Karnataka, India (On-Site)
5 Months ago
Capgemini - Cloud Automation

Capgemini

Bengaluru, Karnataka, India (On-Site)
15 Hours ago
ION - Senior Security Architect

ION

Pisa, Tuscany, Italy (On-Site)
6 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

ByteDance - Software Engineer, SRE - Platform Services

ByteDance

Seattle, Washington, United States (On-Site)
2 Months ago
T systems - Java Backend Lead/ Architect

T systems

Bengaluru, Karnataka, India (Hybrid)
1 Month ago
Hudl - Senior Software Engineer

Hudl

Lincoln, Nebraska, United States (Hybrid)
1 Day ago
Critical mass - Technology Director - Digital Platform

Critical mass

San Jose, California, United States (On-Site)
9 Hours ago
Ajmera Infotech - Technical Program Manager

Ajmera Infotech

Bengaluru, Karnataka, India (On-Site)
1 Month ago
Assystems - Full Stack React and Java Developer

Assystems

Gurugram, Haryana, India (On-Site)
6 Months ago
Playtika - C# Developer

Playtika

Romania (Hybrid)
6 Months ago
Blitre Rewards - Back End Engineer

Blitre Rewards

New York, New York, United States (On-Site)
1 Day ago
Sumo Logic - Senior Software Engineer I - DevOps Engineer

Sumo Logic

(Remote)
1 Day ago
Luxoft - Senior Infrastructure Engineer

Luxoft

Abu Dhabi, Abu Dhabi, United Arab Emirates (On-Site)
4 Months ago

Get notifed when new similar jobs are uploaded

Jobs in Worldwide

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!