Software Engineer - Product Security

As a Product Security Engineer at Ema, you will bridge backend engineering and Cloud Security, developing systems to embed security into Ema’s platform. This involves designing internal tools, influencing architecture, and scaling application security programs to protect production workloads. The role demands strong engineering judgment and an InfoSec mindset, focusing on proactive security measures and robust system protection.

Must Have

• Design, build, and maintain internal security tools and platforms.
• Implement and improve security controls directly into product and platform workflows.
• Influence engineering architecture and ensure secure-by-design implementations.
• Own and scale application security programs including SAST, SCA, dependency risk, and custom detection logic.
• Support penetration testing efforts by validating findings and engineering durable fixes.
• Perform threat modeling for new features and systems.
• 4-7 years of experience building scalable software systems with a strong emphasis on security engineering.
• Excellent programming skills (Python required).
• Proven experience building internal tools and frameworks.
• Proven ability to build security platforms from zero to production scale.
• Strong judgment translating abstract risk into concrete engineering controls.
• Track record of influencing architecture across product, infra, and reliability teams.
• Comfortable owning ambiguous, high-impact security problems end to end.
• Experience integrating security into CI/CD pipelines and developer workflows.

Good to Have

• Go or similar programming language strongly preferred.
• Develop automation to reduce manual security effort across vulnerability management, access reviews, and incident response.
• Conduct secure design and code reviews with a strong focus on exploitable logic flaws and systemic risks.
• Build tooling to surface security signals from production systems and dev workflows.
• Comfortable operating cross-functionally with Product, Engineering, and Infra teams.

Role Overview:

As a Product Security Engineer at Ema, you sit at the intersection of backend engineering and Cloud Security, building systems that bake security directly into Ema’s platform. You’ll design internal tools, influence architecture, and scale application security programs that protect real production workloads. The job demands strong engineering judgment, and InfoSec mindset.

Primary responsibilities

• Design, build, and maintain internal security tools and platforms to improve Ema’s overall security posture.
• Implement and improve security controls directly into product and platform workflows.
• Influence engineering architecture and ensure secure-by-design implementations.
• Own and scale application security programs including SAST, SCA, dependency risk, and custom detection logic.
• Support penetration testing efforts by validating findings and engineering durable fixes.
• Perform threat modeling for new features and systems, translating risks into concrete engineering solutions.

Additional Responsibilities

• Develop automation to reduce manual security effort across vulnerability management, access reviews, and incident response.
• Conduct secure design and code reviews with a strong focus on exploitable logic flaws and systemic risks.
• Build tooling to surface security signals from production systems and dev workflows.

Desired Profile

• 4–7 years of experience building scalable software systems, with a strong emphasis on security engineering, with excellent programming skills (Python required; Go or similar strongly preferred).
• Proven experience building internal tools, and frameworks used by engineering teams.
• Proven ability to build security platforms from zero to production scale.
• Strong judgment translating abstract risk into concrete engineering controls.
• Track record of influencing architecture across product, infra, and reliability teams.
• Comfortable owning ambiguous, high-impact security problems end to end.
• Experience integrating security into CI/CD pipelines and developer workflows.
• Comfortable operating cross-functionally with Product, Engineering, and Infra teams.