The Lead Product Security Engineer will secure ASAPP's cloud-native applications, test security measures, and enhance product security throughout its lifecycle, while collaborating with various teams.
At ASAPP, our mission is simple: deliver the best AI-powered customer experience—faster than anyone else. To achieve that, we’re guided by principles that shape how we think, build, and execute. We value customer obsession, purposeful speed, ownership, and a relentless focus on outcomes. We work in tight, skilled teams, prioritize clarity over complexity, and continuously evolve through curiosity, data, and craftsmanship.
We’re seeking technologists and problem solvers who thrive in fast-paced environments, love collaborating with great talent, and approach every day like it’s Day 1. We're a globally diverse team with hubs in New York City, Mountain View, Latin America, and India—embracing both hybrid and remote work to bring the best minds together, wherever they are. If you're driven by continuous learning, rapid pivots, and the challenges of building in a high-growth startup, we’d love to talk. This is more than a job—it’s a journey.
ASAPP is seeking a full-time Product Security Engineer to test and enhance the security of our complex, distributed, cloud-native microservices products. You will collaborate with fellow security engineers and the engineering organization at large, focusing on securing our applications and cloud infrastructure using advanced cloud-native and custom solutions. Your primary goal will be to fortify our application security across the product lifecycle, ensuring robust protection for our innovative AI-driven solutions.
As a member of our growing security team, you will have oversight and responsibility for application security testing, threat modeling, and architecture. You will play a pivotal role in building and optimizing our cloud security infrastructure and implementing a variety of application detection and response tools. By leveraging ASAPP’s people and technology, you will ensure maximum security and contribute actively to system design reviews, fostering a strong security culture throughout our organization.
What you’ll do
- Embedded with Product Engineering, Product Managers, and Architects to ensure alignment and effective collaboration with a goal: Secure ASAPP products and underlying infrastructure
- Gain domain expertise: Deep understanding of ASAPP product portfolio and can represent them from security perspective
- Understand customer data flows and data protection requirements
- Ensure adherence to security best practices for custom software, open-source software (OSS), and APIs.
- Ensure security across the entire SDLC process, including CI/CD tooling automation, container security, vulnerability management, design reviews, and internal application-pentest for new services and enhancements
- Threat modeling product design along with product engineering team
- Collaborate with key lines of business and engineering teams
- Act as a Security Champion
- Participate in the security incident detection and response process
What you'll need
- 5+ years of experience in securing applications on cloud-native environments and distributed systems, identifying and implementing security controls
- Background in offensive security, security testing, and security architecture
- Deep understanding of cloud-based (AWS and GCP mainly) infrastructure and security technologies
- Familiar with container ecosystems (docker, k8s, helm), and security best practices
- Proficient in at least one high-level programming language (Python, Goland)
- Experience designing and documenting security solutions architecture
- Strong interpersonal, verbal and writing communication skills as well as a strong sense of ownership and accountability
What we’d like to see
- B.S. in Computer Science or related field - or equivalent experience
- Experience implementing security (GHAS, etc) into CI/CD tools such as Codefresh, ArgoCD, GitlabCI among others
- Deep understanding of cloud-native solutions, including IaC (Terraform), concepts and good practices
- Experience running end to end vulnerability management across applications and cloud infrastructure
- Familiar with encryption and secrets management technologies (Hashicorp Vault, AWS KMS, symmetric and asymmetric encryption)
Benefits
- Competitive compensation
- Stock options
- Prudent Insurance
- Onsite lunch & dinner
- Connectivity (mobile phone & internet) stipend
- Wellness perks
- Mac equipment
- Learning & development stipend
- Parental leave, including 6 weeks paternity leave
ASAPP is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status. If you have a disability and need assistance with our employment application process, please email us at [email protected] to obtain assistance.
Top Skills
AWS
Aws Kms
CircleCI
Docker
Gitlabci
Go
Hashicorp Vault
Helm
Kubernetes
Python
Similar Jobs
.png)
Software
As a Lead Product Security Engineer, you will implement security programs, assist product management with security activities, and educate teams on security best practices.
Top Skills:
ComplianceDevsecopsSecurity StandardsSecurity TestingSecurity ToolsThreat Modeling
Big Data • Fintech • Information Technology • Business Intelligence • Financial Services • Cybersecurity • Big Data Analytics
This role focuses on Salesforce platform development, integrating business systems, and ensuring adherence to operating models, while supporting team collaboration and Agile methodologies.
Top Skills:
ApexCopadoCSSETLHTMLJavaScriptJSONLightning Web ComponentsMulesoftRestSalesforceSoapSOQLSoslVisualforceXML
Big Data • Fintech • Information Technology • Business Intelligence • Financial Services • Cybersecurity • Big Data Analytics
The Consultant will support the Salesforce platform's development, manage integrations, adhere to operational models, and guide the business community on Salesforce capabilities. Responsibilities include developing custom apps and ensuring successful platform operations.
Top Skills:
ApexCopadoCSSETLHTMLJavaScriptJSONLightning Web ComponentsMulesoftRestSalesforceSoapSOQLSoslVisualforceXML
What you need to know about the Chennai Tech Scene
To locals, it's no secret that South India is leading the charge in big data infrastructure. While the environmental impact of data centers has long been a concern, emerging hubs like Chennai are favored by companies seeking ready access to renewable energy resources, which provide more sustainable and cost-effective solutions. As a result, Chennai, along with neighboring Bengaluru and Hyderabad, is poised for significant growth, with a projected 65 percent increase in data center capacity over the next decade.
