Product Security Engineer

About Us

We are looking for a senior, hands-on Product Security Tech Lead to drive the design, implementation, and evolution of Zenity’s product and application security programs. You will take ownership of building scalable, developer-friendly security controls and ensuring that secure-by-design principles are embedded across the SDLC. Operating in a fast-paced environment, you will maintain and advance our Secure Design Review process, lead our application and cloud security initiatives, manage security tooling, and partner closely with engineering and DevOps to deliver a fully secured CI/CD pipeline. This role balances technical depth, program ownership, and cross-functional collaboration to ensure that Zenity’s products remain resilient, secure, and trusted.

Responsibilities

• Own, maintain, and continuously improve the Secure Design Review process, ensuring security considerations are integrated early in the development lifecycle.
• Develop, implement, and maintain Zenity’s Application Security Program, including controls, standards, developer enablement, and automation.
• Manage SAST and DAST tooling, including configuration, integrations, alerting, developer workflows, and program-wide reporting.
• Monitor and enforce SDLC security controls, ensuring consistent application of secure development practices across all engineering teams.
• Develop and maintain Zenity’s Cloud Security Program, defining guardrails, policies, and automated controls for secure-by-default cloud deployments.
• Manage CSPM tooling, including configuration, findings triage, reporting, and alignment with internal risk and compliance processes.
• Partner with DevOps to design, implement, and maintain a fully secured CI/CD pipeline, ensuring that security checks, guardrails, and automated gates are embedded throughout build, test, and deployment stages.
• Collaborate closely with engineering teams to deliver actionable guidance, model threats, advise on architecture, and support secure implementations.
• Drive automation-first approaches to product and cloud security, reducing friction and enabling fast, safe development.
• Define and track KPIs, metrics, and reporting for application and cloud security health.
• Identify gaps in product, application, and cloud security posture and drive end-to-end remediation plans.
• Promote a culture of security and developer empowerment by delivering clear, pragmatic, and scalable guidance.

• Five (5) + years of experience in Engineering / Security Engineering
• We build solutions when faced with a capability gap
• You’re very comfortable with Kubernetes, Helm, and Terraform
• You’re very comfortable with Python and Typescript
• Three (3) + years of experience in an Application Security/Product Security focused role
• You’ve led AppSec focused “Security Review” programs
• You’ve led CloudSec focused “Secure Design” reviews
• You’ve led multiple vulnerability management campaigns to mitigate Cloud and Application security risks
• Two (2) + years of experience managing enterprise wide security projects
• You have a strong opinion on what a “project plan” doc should look like
• You’ve owned and delivered the migration or deployment of an AppSec focused security tool (SAST, DAST, ASPM, etc.)