Senior Product Security Engineer

Summary

Join Tide's Security Engineering team as a Senior Product Security Engineer and contribute to protecting our products and services. You will be responsible for identifying and remediating vulnerabilities in our web and mobile applications, working closely with engineering teams. Proficiency in securing cloud-native applications and threat modeling is essential. You will mentor junior engineers and leverage automation to integrate security into our CI/CD pipelines. The role requires a deep understanding of AppSec and excellent communication skills. Tide offers a flexible workplace model supporting both in-person and remote work.

Requirements

• You have a breadth and depth of knowledge across AppSec; you’re expected to understand topics like why private keys should be stored in the Secure Enclave, the differences between URL Schemes and Universal Links, what presigned URLs are in the context of S3 and the safest storage mechanisms for modern browsers
• You know Burp Suite (or your favourite attack proxy) inside and out; bonus points if you’ve written or contributed to an extension that enhances its functionality
• You have excellent spoken and written communication skills to articulate vulnerabilities clearly and persuasively, advocating for their remediation even when faced with competing production pressures
• You’re comfortable writing proof-of-concept (POC) scripts to demonstrate your findings and their potential impact, as needed
• You have hands-on experience with securing cloud-native applications, ensuring that best practices are consistently applied

Responsibilities

• Regularly dive deep into mobile, web app technologies in order to understand feature development and proactively hunt for vulnerabilities
• Be proficient in securing cloud-native applications, ensuring that security best practices are applied consistently across our cloud environment
• Be proficient in threat modelling and guide developers in secure design principles to prevent vulnerabilities from being introduced in the first place
• Help remediate vulnerabilities through strategic initiatives, writing patches, or creating understandable and actionable vulnerability tickets
• Be the subject matter expert across a wide range of security areas, particularly in Application Security
• Make security invisible when possible, believing that gatekeeping and blocking product teams should be avoided in favour of enabling secure development
• Mentor and coach junior engineers, sharing your knowledge to help raise the security bar across the organisation
• Leverage automation and security tools to seamlessly integrate security into our CI/CD pipelines, ensuring vulnerabilities are caught early without disrupting development

Preferred Qualifications

As a passionate senior security engineer, you have a blog, public speaking engagements, bug bounty profile, or a Git repository showcasing your work

Benefits

At Tide, we champion a flexible workplace model that supports both in-person and remote work to cater to the specific needs of our different teams