Skip to main content
NEUN
Back to Careers

TRM Labs

Senior Product Security Engineer

North AmericaFull-timeGlobal

šŸ’° USD 215,000 - 230,000/yr

šŸ“Š MidšŸ  Remote

Job Description

[AI-summarized by JobStash]

You will lead application security reviews and threat modeling, perform secure code reviews, and test product security across services. You will develop automated security testing, mature the Secure SDLC, own vulnerability management and coordinate penetration testing. You will support engineers with security best practices, run the bug bounty program, bootstrap platform security initiatives, and provide just-in-time secure coding training and mentorship to engineering teams.

Requirements

  • ā—Minimum 8 years of experience in Software Development and testing
  • ā—BS or equivalent in Computer Science, Computer Engineering, or related field
  • ā—Proficiency in Python, NodeJS, React
  • ā—Strong understanding of encryption, authentication, and authorization protocols
  • ā—Deep experience with common software flaws (e.g., OWASP and CWE) and testing methodologies
  • ā—Experience with SAST, DAST, and SCA tools and Github advanced security
  • ā—Professional experience with cloud providers such as GCP and AWS
  • ā—Experience with threat modeling tools (e.g., OWASP Threat Dragon)
  • ā—Experience with web application testing frameworks such as BurpSuite and OWASP ZAP
  • ā—Experience triaging and remediating vulnerabilities in software packages or libraries
  • ā—Experience conducting code security reviews regularly
  • ā—Experience in agile-based software development roles
  • ā—Experience with red teaming or penetration testing applications and infrastructure
  • ā—Strong written and verbal communication skills
  • ā—Security certifications such as OSCP, CEH, GWAPT are a plus
  • ā—Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus

Responsibilities

  • ā—Lead application security reviews and threat modeling
  • ā—Perform secure code reviews and security testing
  • ā—Develop automated testing and mature the Secure SDLC
  • ā—Own application security vulnerability management
  • ā—Coordinate penetration testing engagements
  • ā—Support software engineers and product teams with security best practices
  • ā—Develop and maintain the bug bounty program
  • ā—Bootstrap platform security initiatives to protect data
  • ā—Foster security champions and deliver secure code training

Benefits & Perks

  • ā—Eligibility to participate in TRM's equity plan

Tech Stack

bug bountysecure codingred teamingDASTSASTCWEagilePythonAWSNode.js
Expired
Search