Product Security Engineer - Reviews

Product Security Engineer – Reviews

Knowledge of web application security fundamentals and the OWASP Top 10 / CWE Top 25 vulnerabilities.
Ability to perform manual secure code reviews in Java, .NET, Go, C, C++, Python, Swift, Kotlin, or similar languages.
Hands-on experience with penetration testing techniques and tools like Burp Suite.
Understanding of modern web application components, architecture, and security principles.
Ability to explain security risks and remediation options to developers and product teams.
Basic proficiency in scripting (Python, Bash, or similar) for security automation.

Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
Conduct penetration tests on web applications, services, and infrastructure.
Identify and report security vulnerabilities, providing clear mitigation strategies.
Collaborate with engineers to improve security awareness and secure coding practices.
Develop and enhance security tools and automation to identify vulnerabilities more efficiently.
Assist in handling externally reported security vulnerabilities by investigating and validating reports.
Stay up to date on emerging security threats and research new attack techniques.

Familiarity with authentication and authorization protocols (OIDC, SAML, OAuth).
Experience with mobile application security testing (Android/iOS).
Exposure to SAST, DAST, SCA, or fuzzing tools.
Understanding of cryptographic principles and secure implementations.
Interest in network security, protocol analysis, and vulnerability exploitation techniques.
Experience creating proof-of-concept scripts to demonstrate security findings.