Product Security Engineer, Smarsh

Salary not provided

+ Stock options

AWS
Docker
Kubernetes
GCP
JavaScript
Python
C#
Java
Go
Terraform
Jenkins
Azure
Senior and Expert level
London
Remote from UK
Smarsh

Cloud-based archiving and compliance solutions

Job no longer available

1001+ employees

B2B, Enterprise, Compliance, Legal, Communication, SaaS, Cyber Security

Company mission

To enable customers to take advantage of the latest communication and collaboration tools, while staying ahead of compliance risk.

Role

Who you are

  • The ideal candidate is a pragmatic problem solver with strong technical expertise in application security, cloud security, and DevSecOps
  • 7+ years of experience in Product Security, Application Security, or a related security engineering role
  • Deep expertise in secure software development, secure coding practices, and OWASP Top 10 / CWE Top 25
  • Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#)
  • Experience with cloud-native security (AWS, Azure, GCP) and securing containerized environments (Docker, Kubernetes)
  • Proficiency in security testing tools such as Burp Suite, Endor, Semgrep, etc.
  • Strong background in network security, including firewalls, IDS/IPS, VPNs, and secure network design
  • Hands-on experience with CI/CD security automation (GitHub Actions, Jenkins, GitLab CI, etc.)
  • Familiarity with infrastructure-as-code security (Terraform, CloudFormation) and cloud security posture management
  • Strong understanding of identity & access management (OAuth, OIDC, SAML, JWT) and API security
  • Knowledge of industry frameworks like NIST, ISO 27001, and SOC 2
  • Experience driving developer enablement and security training initiatives
  • Excellent communication and collaboration skills to engage with engineering, product, and leadership teams

Desirable

  • Security certifications such as OSCP, GIAC (GWEB, GWAPT, GCSA), CISSP, or CSSLP
  • Experience working in SaaS and multi-tenant cloud environments
  • Knowledge of machine learning security (AI/ML model risks, LLM security best practices)
  • Familiarity with attack surface management and threat intelligence

What the job involves

  • We are looking for an experienced Product Security Engineer to partner with engineering teams and proactively identify, assess, and remediate security risks across our product portfolio.
  • This role will focus on secure development practices, vulnerability management, threat modelling, and driving a shift-left security culture
  • You will work closely with product owners, software engineers, and platform teams to implement security controls that balance risk with business objectives
  • Secure SDLC Integration: Embed security within the software development lifecycle, ensuring security is considered at every phase—from design to deployment
  • Threat Modeling & Security Design Reviews: Conduct structured threat modelling and security assessments for new features, architectures, and services
  • Vulnerability Management & Remediation: Work closely with engineering teams to identify and remediate vulnerabilities from SAST, DAST, SCA, container security, and cloud security scans
  • Code & Architecture Review: Conduct secure code reviews and architectural security assessments to identify risks early in the development process
  • Automation & Tooling: Enhance security automation capabilities by integrating security testing tools into CI/CD pipelines
  • Penetration Testing & Red Teaming: Facilitate internal and external penetration testing activities, helping to triage and remediate findings
  • Security Champion Enablement: Collaborate with engineering teams to build security awareness and develop a network of Security Champions
  • Incident & Response Readiness: Support Smarsh SOC and security incident response, including root cause analysis and post-mortem reviews for your product(s)
  • Security Compliance & Governance: Ensure alignment with regulatory requirements (SOC 2, ISO 27001, etc.) and support audit activities

Insights

-9% employee growth in 12 months

Company

Company benefits

  • Healthcare insurance: We provide medical, dental and vision insurance and a flexible spending account that allows you to set aside pre-tax dollars to pay for eligible out-of-pocket expenses
  • Personal time off: A healthy work-life balance is critical to your success at the office. Smarsh offers a "take-what-you-need" time off policy as well as flexible work arrangements
  • Recognition: We're big on kudos for a job well done. Our employee recognition program enables co-workers to nominate their peers who best embody our core values for recognition
  • Life and disability insurance: Fully paid life and disability insurance coverage is provided from the day you start your job
  • Wellness program: You're happier when you're healthier. So we reimburse a portion of employees' monthly health club expenses
  • Retirement savings: We match a percentage of your retirement savings contributions. Smarsh employer match invests immediately, so it's yours from day one
  • Sabbatical: The Smarsh sabbatical program provides a time to recharge, study or simply a time to do something you are passionate about away from the workplace. Employees are eligible after six years of service
  • Giving back: Through our community partnership program, Full Circle, employees make a positive difference and receive paid time off for Full Circle activities so they can support the organizations that matter most to them
  • Employee assistance program: We offer free and confidential assessments, short-term counseling, referrals and follow-up services to employees for personal or work-related issues to support their mental and emotional well-being
  • Cellphones: To support our mobile and geographically dispersed workforce, we offer corporate cellular plan discounts with both AT&T and T-Mobile
  • Getting here and home: Biking and taking public transit to work is not only cool but a smart and green thing to do. Smarsh proudly reimburses for monthly transit costs and biking expenses
  • Parental leave: We want to support our colleagues who are starting a family. Smarsh offers paid leave to help you welcome your new bundle(s) of joy into the world

Funding (2 rounds)

  • May 2015: $28m, LATE VC
  • Sep 2007: $15.6m, LATE VC

Total funding: $43.6m

Our take

The emergence of new digital communication technologies provides businesses with a great opportunity for growth. But regulated businesses need to ensure they carry out communications monitoring, archiving, and compliance to stay on the right side of regulators. This can be difficult to do with new tech - to the extent that some businesses are hesitant to adopt it at all.

Of course, there’s a substantial appetite for ways to get around this obstacle and therefore reap the business benefits of modern comms. Smarsh provides just that, with its suite of archive, storage, and monitoring tools. In the two decades since its founding, the platform has netted over 6,500 clients including top worldwide banks, brokerage firms, insurers, registered investment advisors, and state and local government agencies in the US.

This puts Smarsh in a formidable position going forward. The issue the company addresses is only getting more acute as the volume of communications increases, more tech is brought to market, and the hybrid work model pushes more communications online. Smarsh’s extensive, top-tier global reach will help it field this growing market opportunity.

Freddie

Company Specialist at Welcome to the Jungle