Information Security Engineer - Product Security

Credible

💵 $67k-$106k
📍 Remote - United States

Summary

Join Credible as an Information Security Engineer – Product Security and collaborate with engineering, product, and DevOps teams to design and build secure products. You will protect user data by identifying vulnerabilities, mitigating risks, and automating security. This hands-on role influences the software development lifecycle. Credible prioritizes practical skills, curiosity, and collaboration over specific degrees or certifications. A strong GitHub profile is required. The role involves collaborating on secure system architectures, conducting security reviews and code audits, integrating security tools into CI/CD pipelines, identifying and remediating vulnerabilities, developing automation tools, contributing to security policies, facilitating red team exercises, staying current on security threats, and participating in on-call rotations and incident response.

Requirements

  • Degree in Computer Science or related field, or at least 3 years of experience in software development
  • Solid understanding of software security principles, threat modeling, and common vulnerabilities (OWASP Top 10, CWE, etc.)
  • Advanced skill with one or more modern programming languages (e.g., Python, Ruby, JavaScript, TypeScript, Java)
  • Familiarity with web application security, API security, and cloud security (AWS preferred)
  • Comfortable navigating and contributing to large codebases; strong Git proficiency
  • Experience integrating security into CI/CD workflows using tools like GitHub Actions, GitHub Advanced Security, CircleCI, etc.
  • Self-starter with strong interpersonal, communication, and collaboration skills
  • A GitHub profile showcasing relevant projects or contributions is required

Responsibilities

  • Collaborate with engineering teams to design secure system architectures and product features
  • Conduct threat modeling, security reviews, and code audits across a variety of languages and platforms, primarily Ruby and JavaScript
  • Integrate automated security tools into CI/CD pipelines (SAST, DAST, dependency scanning)
  • Identify, triage, and help remediate vulnerabilities across codebases and deployed environments
  • Develop internal tooling and scripts to automate security checks and controls
  • Contribute to security policies, developer guidelines, and awareness training
  • Facilitate red team exercises by preparing environments and coordinating with external firms who conduct penetration tests
  • Stay current with emerging security threats and trends; help Credible stay ahead of them
  • Participate in the on-call rotation, incident response and postmortems as needed

Benefits

  • Annual discretionary bonus
  • Various benefits, including medical/dental/vision, insurance
  • A 401(k) plan
  • Paid time off
  • Other benefits in accordance with applicable plan documents
