Senior Product Security Engineer

Tines is a company that powers workflows using AI, automation, and integration, serving a diverse range of customers including startups and public companies. They focus on security, IT, engineering, and finance teams, emphasizing simplicity, speed, and soundness.

Location: Remote (US)

Salary: $218,000–$235,000 + equity

Responsibilities

• Partner with product and engineering teams to integrate security throughout the development lifecycle and drive security initiatives across our stack.
• Leverage AI and automation to scale product security coverage, matching the pace of AI-assisted development across engineering.
• Design and implement security controls and architecture that scale with our growing product portfolio.
• Conduct comprehensive security reviews and threat modeling to identify and mitigate potential vulnerabilities, including risks introduced by AI-generated code and AI-powered features.
• Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts.
• Develop and implement automated security testing, monitoring, and response capabilities, using Tines itself, plus AI-driven tooling, to eliminate manual toil.
• Serve as an incident responder during security events and lead post-incident reviews.
• Champion security awareness and provide technical guidance to engineering teams, including best practices for secure AI-assisted development.

Requirements

• 8+ years of experience in application or product security roles, with demonstrated expertise in securing cloud-native applications.
• Strong understanding of modern application security principles, OWASP Top 10, and secure SDLC practices.
• Experience leveraging AI and automation to scale security programs (e.g., LLM-assisted code review, automated triage, agentic security workflows).
• Experience with cloud security (AWS preferred) and securing containerized environments (Docker, Kubernetes).
• Proficiency in modern programming languages; experience with Ruby, TypeScript, and/or Rust is highly desirable.
• Knowledge of security testing methodologies and tools (SAST, DAST, SCA).
• Experience with CI/CD security integration and DevSecOps practices.
• Strong incident response skills and experience participating in on-call rotations.
• Excellent communication skills with ability to translate complex security concepts to diverse audiences.
• Self-motivated with exceptional analytical thinking and problem-solving abilities.