Staff Security Engineer driving product security initiatives at Aircall, integrating security into the product lifecycle. Collaborating closely with teams to ensure systems are secure and resilient.
Responsibilities
Drive and scale secure-by-design practices across product and engineering teams, integrating security into design, development, CI/CD, and release workflows.
Lead security design and architecture reviews for major product initiatives; define security requirements, controls, and patterns that teams can adopt consistently.
Own and evolve threat modeling practices, ensuring risks are systematically identified early and mitigations are validated.
Perform deep technical assessments (manual code review, targeted security testing, validation of fixes) for high-impact findings and critical services.
Identify and reduce classes of vulnerabilities across Aircall’s codebases and services (e.g., auth/authz flaws, injection, logic issues, SSRF, API security, cloud misconfigurations).
Build and improve security tooling and automation that scales across engineering (e.g., guardrails, CI checks, policy-as-code, leveraging AI for autonomous security-review processes that don’t slow delivery).
Triage and drive remediation of vulnerabilities discovered through internal testing, automated detection, and external reports (including coordinated disclosure where applicable).
Investigate and respond to product security incidents, helping with containment, root cause analysis, and prevention. Participate in on-call/threat-response rotations, escalating and coordinating during high-severity events.
Stay up to date on attacker techniques (MITRE ATT&CK, red team reports, threat intel) and propose new detection patterns or responses accordingly.
Serve as a trusted advisor to engineering and product leadership, translating security risks into pragmatic, prioritized actions and tradeoffs.
Own cross-team product security initiatives (e.g., secure SDLC improvements, secure design frameworks, security champions, org-wide security patterns and standards).
Mentor and up-level engineers across security and product teams through reviews, pairing, coaching, and security education.
Requirements
8+ years of relevant experience in Product Security / Application Security / Secure Software Engineering (or equivalent).
Proven track record of leading product security work across multiple teams and influencing architecture and SDLC maturity at scale.
Strong foundation in secure design, threat modeling, vulnerability discovery, and remediation strategies.
Proficient in one or more programming languages (Python/Java/JavaScript), with the ability to read code to identify security defects.
Knowledge of common vulnerability classes and modern application risks (OWASP Top 10, API security, identity/auth patterns, cloud-native risk).
Experience designing or contributing to scalable, automated security review or decision-support workflows, including the use of AI-assisted systems to improve consistency, speed, or coverage.
Familiarity with cloud-native infrastructure security (AWS/GCP/Azure + Kubernetes) and service-to-service security patterns.
High degree of autonomy, initiative, and ownership; ability to drive entire initiatives with minimal oversight.
Strong communication skills and ability to drive alignment across engineering/product partners.
Benefits
💵 Competitive salary package & equity
🏨 Medical, dental, and vision insurance is 100% covered
📈 401k plan with company matching!
✈️ Unlimited PTO — take the time you need to come to work feeling great!
⭐️ Wellness, internet, and childcare reimbursements
DevSecOps engineer at Ford ensuring secure software development and compliance with security standards. Collaborating with teams to embed security practices and assess vulnerabilities in software delivery.
Security Officer responsible for ensuring safety and security at the Genesee Brewing Company. Monitoring premises, responding to emergencies, and providing visitor assistance during shifts.
Security Estimator creating estimates and proposals for security projects at LINX. Collaborating with engineering and sales teams for system design and client relationships.
Product Security Architect at Expedia designing secure architecture for services and APIs. Collaborating with teams to guide secure practices and integrate AI-driven solutions.
IT Security Officer overseeing information security for a specific IT sector at Desjardins. Collaborating with cross-sector teams and managing information security risks and vulnerabilities.
Associate, Information Security professional at Santander focusing on Vulnerability Management and network security exposure. Collaborating with teams to enhance security posture and manage technology risks.
IAM Security & Technology Governance person driving IAM technical program with cutting-edge technology to improve security posture at MUFG. Manage IAM requirements, standards, governance and solutions across global implementation.
Senior Analyst in Mastercard's newly created Vocalink Control Office supporting control testing across Security domains. Ensuring a strong control environment and identifying gaps for improvement.
Senior Analyst focusing on Information Security and Compliance at Cirque du Soleil. Engaging in threat analysis and improvement of security tools and processes, within a creative company culture.
Security Architect designing and implementing cybersecurity architectures for UK Defence projects. Collaborating with stakeholders to safeguard client data against cyber threats.