Product Security Engineer

Remote /
Trust – Information Security /
Full-time (Remote)
Who We Are
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attack. Our combination of market-defining technology, processes, and expertise are preventing breaches every day. We are completely changing the way security is delivered and setting the new standard for security. If our mission resonates with you, let’s talk!  

What We Believe In
- Do what’s right for the customer
- Be kind and authentic
- Deliver great quality
- Be relentless

Challenges You Will Solve
Delivering excellent, secure software is paramount to Red Canary's mission! Some of the best security teams in the world depend on our software to protect their organizations, and in turn we expect the highest standards of security for our platform.

You will collaborate across product teams mature our product security program to ensure secure outcomes for software development at scale. Under your guidance, the Red Canary product security model will be viewed as the standard by which all other security providers are measured. The program you will join enables rapid development of our product features for our customers, by providing repeatable secure patterns and seamless guardrails.

A continuous improvement mentality is crucial for success! In this role you’ll get the opportunity to craft and implement security standard methodologies at every stage of the development lifecycle, from design through production. Not only will you have the chance to uncover exploitable bugs in software, but more meaningfully, you’ll be an integral piece of getting them fixed as early in the process as possible. 

What You'll Do

    • Embed with the product teams and attend regular stand-ups and planning meetings and build positive relationships with key partners
    • Act as the as the security expert on your product, ensuring the corporate security controls are working as designed, that security requirements are provided to the team before coding begins, and that vulnerabilities are being fixed within their SLAs.
    • Ensure s-SDLC controls are embedded in your product and serve as control owner for a subset of these controls, mentoring other team members
    • Engage in application and domain-specific threat modeling, and attack surface analysis and reduction
    • Work alongside engineers, performing peer review and mentoring as needed
    • Assist in continuous improvement efforts

What You'll Bring

    • Experience developing and/or securing enterprise-grade web applications
    • Working knowledge of common languages such as Ruby, Javascript, Go, etc.
    • Strong experience in web application security issues and standards (ex. OWASP)
    • Strong foundation in core information security principles and concepts (encryption, authentication, etc.)
    • Experience with industry application security tools and technologies (Static, Dynamic, etc)
    • Familiarity in public cloud security deployment and implementation issues
    • Excellent communication, and the ability to explain complex security topics in simple terms
Targeted base salary range: $135,000- $165,000 + bonus eligibility and equity depending on experience.

Why Red Canary?
Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way. 

At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary: 

Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.