Senior Level Product Security Engineer Jobs
Senior level product security engineer jobs place experienced engineers in charge of security architecture decisions, threat modeling at scale, and the cross-functional initiatives that protect products from design through deployment. Openings cover 48% remote and hybrid arrangements across Technology & Software, Automotive, and Artificial Intelligence, with employers like Aurora, GEICO, and Okta hiring at this level now.
Find JobsOverview
Showing 5 of 79+ Senior Level Product Security Engineer jobs
Cardless is the infrastructure that lets consumer brands put credit cards directly in their own product. Instead of sending customers off to a bank's website to manage their card, our platform handles the credit program end-to-end (applications, underwriting, servicing, rewards, compliance), so brands can build the card experience inside their own ecosystem. We power programs for Coinbase, Bilt, Qatar Airways, Alibaba, and others. We've raised $170M to date, most recently a $60M Series C led by Spark Capital.
We're hiring a Product Security Lead to drive how we build security into the platform. The work spans authentication, authorization, anti-abuse controls, in-product fraud primitives, and the secure-by-design practices that come with running credit infrastructure for partners of this caliber. The role is hands-on and deeply cross-functional, working with Engineering, Risk, Compliance, Legal, and Data. You'll report to the Head of Engineering.
Responsibilities
Own the security model for our partner-facing APIs: authentication, authorization, tenant isolation, abuse prevention, signing, and audit logging.
Drive a coherent auth strategy across services and surfaces, including step-up auth for sensitive actions and a strong-auth roadmap (passkeys and beyond).
Build the device telemetry, behavioral signals, and velocity primitives that fraud and risk functions depend on.
Be the secure-by-design partner with Engineering — sit in on architecture reviews before features ship, write the threat models, own the tradeoffs.
Own secure SDLC: SAST/DAST, dependency scanning, secret detection, and the security tooling engineers interact with daily.
Coordinate with our infrastructure team to improve our security posture across the stack: from infrastructure, to supply chain, to first-party applications, to third-party dependencies and SaaS platforms.
Be the technical authority on sensitive payment data. Keep the footprint small and well-defined as the platform grows.
Lead incident response on security events (containment, forensics, comms, blameless postmortems) and drive vulnerability remediation across services.
Own the relationship with our external security architecture partner: set priorities, scope engagements, integrate findings into our roadmap.
Serve as the technical counterpart to ensure compliance, translating SOC 2, PCI DSS, and other security frameworks into scalable engineering solutions and ensuring in-product controls are effective in practice - not just on paper.
What we look for
Strong programming skills in Java, Python, or a comparable language — you write production code.
Experience designing or operating secure platform / B2B APIs at scale, especially in multi-tenant environments.
Background in anti-ATO, anti-fraud, or authentication systems at scale (consumer fintech, marketplace, or large consumer platform).
Working knowledge of AWS: IAM, KMS, networking, service-to-service auth.
Comfort with modern AI tooling (Claude, Copilot, and similar) as a daily force multiplier across code review, threat modeling, detection engineering, and security tooling.
Excellent written communication. You'll write threat models, postmortems, and partner-facing security responses.
Comfortable owning the security function in-house while leveraging external specialists as a force multiplier.
Nice to have
Fintech, payments, or other regulated environment experience.
Threat modeling methodology background (STRIDE, attack trees, or your own).
Experience working alongside or building for a risk / fraud operations team.
Experience operating a bug bounty or vulnerability disclosure program.
Why Cardless
You'll lead product security for a platform that powers some of the most recognizable card programs in the world. The work moves real dollars and real trust from the moment you ship. You'll have a real seat in every major architecture conversation, executive visibility, and an external security architecture partner you can lean on.
Benefits
Meaningful start-up equity
100% health, vision & dental primary coverage
75% health, vision & dental dependent coverage
Catered lunches and dinners
$250/month commuter benefit
Parental leave
Team building events
Flexible PTO with a minimum of 15 days off per year
401(k) plan
Relocation assistance
Compensation
This role has an annual starting salary range of $190,000–$260,000 + equity + benefits (see above). Actual compensation is influenced by a wide array of factors including but not limited to skills, experience, and specific work location.
Location
San Francisco, CA — our office is in the Jackson Square district. This role is 5 days a week in office.
See All 79 Senior Level Product Security Engineer Jobs
Find roles that match your experience and apply in just a few clicks.
Find JobsSenior Level Product Security Engineer Job Market
Who's Hiring
- Aurora6

- GEICO4
- Okta3
- Palo Alto Networks3
- Adobe2
Top Industries Hiring
- Technology & Software41
- Automotive7
- Artificial Intelligence7
- Electronics & Hardware5
- Banking & Financial Services5
Senior Level Product Security Engineer Jobs: Frequently Asked Questions
How do I get a senior level product security engineer job?
Employers at this level look for engineers who can own a security domain end to end, not just execute assigned tasks. Demonstrating that you have driven threat modeling programs, influenced product roadmaps, and mentored other engineers will set you apart. Publishing research, contributing to security standards, or holding certifications like CISSP or OSCP strengthens a senior-level candidacy considerably.
Which companies hire senior level product security engineers?
Companies hiring senior level product security engineers right now include Aurora, GEICO, and Okta, based on current listings on Migrate Mate as of July 2026. Hiring at this level tends to come from technology companies, financial institutions, and defense contractors that maintain large product portfolios and need engineers who can lead security strategy rather than follow it.
Are there remote senior level product security engineer jobs?
Yes, remote and hybrid arrangements are common at this experience level. About 48% of senior level product security engineer openings are remote or hybrid as of July 2026, reflecting how many organizations treat senior security talent as distributed by default. On-site roles do exist, particularly in regulated industries where security work touches classified or sensitive infrastructure.
What makes a product security engineer role senior level?
Senior level product security engineer roles are defined by scope and ownership. Where mid-level engineers execute security reviews and respond to findings, senior engineers set the security strategy for a product area, define processes that others follow, and lead threat modeling across entire systems. They also mentor junior and mid-level engineers and serve as the primary point of contact between security and product or engineering leadership.
Which industries hire the most senior level product security engineers?
Senior Level product security engineer roles concentrate in Technology & Software, Automotive, and Artificial Intelligence, based on current listings on Migrate Mate as of July 2026. These sectors drive hiring at this level because they develop complex, widely deployed products where a security compromise carries significant regulatory, financial, or reputational consequences, creating demand for engineers who can lead rather than just contribute.