Job Title: Senior Product Security Engineer
Role Overview
We are seeking a Senior Product Security Engineer to own the security posture of our product ecosystem. You will be the primary technical lead for secure design, compliance auditing, and the automation of security controls within our release pipelines.
This is a senior-level role for an engineer who thrives at the intersection of "shipping fast" and "securing deep." You will not just identify vulnerabilities; you will build the automated workflows and governance structures that allow our engineering teams to ship secure products by default. If you are an expert at bridging the gap between developer productivity and rigorous compliance frameworks (SOC 2/ISO 27001), this is your opportunity to drive systemic change.
Key Responsibilities
Product Security & DevSecOps
Pipeline Integration: Design and implement automated security workflows within CI/CD pipelines. Integrate SCA, SAST, and DAST scanning tools to provide developers with real-time feedback.
Vulnerability Lifecycle: Lead the detection, risk-based triage, and remediation coordination for all product vulnerabilities. Maintain accurate dashboards that provide real-time visibility into the security posture of concurrent releases.
Supply Chain Integrity: Define and enforce standards for Software Bill of Materials (SBOM) generation and third-party dependency security.
Compliance & Governance
Audit Leadership: Own the product-side evidence collection and control validation for SOC 2 and ISO 27001 audits. Ensure architecture diagrams, hardening guides, and control logs are always "audit-ready."
Security Advocacy: Drive secure SDLC practices, including threat modeling and cyber-review sign-offs. Act as the subject matter expert when addressing customer-facing security questionnaires and inquiries.
Policy & Standardization: Develop and maintain security policies that align with industry best practices (NIST/OWASP), ensuring they are practical for fast-moving engineering teams to implement.
Qualifications & Requirements
Minimum Qualifications
Experience Baseline: Minimum of five to seven (5-7) years of professional experience in cybersecurity, specifically within a product security or DevSecOps context.
Technical Mastery: Hands-on experience with automated code-scanning tools, vulnerability management platforms, and modern SBOM frameworks.
Compliance Knowledge: Deep understanding of SOC 2 and ISO 27001 frameworks; proven ability to manage evidence collection and remediation tracking.
Automation: Proficiency in scripting (Python, PowerShell, or Bash) to automate manual security tasks.
Preferred Attributes
Experience with cloud-native security, container/Kubernetes hardening, and SIEM integration.
Strong communication skills-the ability to translate "security speak" into clear, business-focused language for customers and executive leadership.
Proactive approach to staying ahead of emerging regulatory requirements (e.g., software supply chain security trends).
Equal Opportunity Employer / Disabled / Protected Veterans
The Know Your Rights poster is available here:
_EEOC_KnowYourRights6.12.pdf
The pay transparency policy is available here:
_%20English_formattedESQA508c.pdf
For temporary assignments lasting 13 weeks or longer, AllSTEM Connections is pleased to offer major medical, dental, vision, 401k and any statutory sick pay where required.
We are committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please contact your staffing representative who will reach out to our HR team.
AllSTEM Connections participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program.
_Participation_Poster_ES.pdf
We also consider for employment qualified applicants regardless of criminal histories, consistent with legal requirements, including, if applicable, the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. Pursuant to applicable state and municipal Fair Chance Laws and Ordinances, we will consider for employment-qualified applicants with arrest and conviction records, including, if applicable, the San Francisco Fair Chance Ordinance. For Los Angeles, CA applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
Additional Skills
(none specified)
AllSTEM Representative Contact Info
Account Executive:
Nichols
Branch Phone:
Location:
Ontario, CA
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 80184143
- Position Id: 566767fcf3a054368452f8976ba81cb4
- Posted 20 hours ago