Product Security Engineer

USA | Remote | Hybrid


Excerpt: Design and implement scalable security infrastructure and help build a culture of security for a rapidly growing team.

Status: Open


About the role

Don’t you wish the security practice at your company was more modern, effective and not chasing its tail? Are you excited by the idea of tackling novel security problems while empowering a delightful experience for end users? If that energy isn’t appreciated where you currently work, join us in developing a proactive, technology-forward product-security discipline, dedicated to eliminating vulnerabilities in application and infrastructure before they even occur. You’ll own the SSDLC and ensure effective security measures are embedded throughout. You’ll be building systems and occasionally building/buying tools that help all of Engineering truly shift left, so you can spend less time chasing vulnerabilities and more time on meaningful security engagement. 

Additionally, this role includes practicing embedded security within Eng teams, teaching them to think through, prevent, and mitigate common security issues all on their own: everything from creating guardrails to implementing AuthN / AuthZ correctly to creating secure and resilient infrastructure as code. The security culture you help create permeates the entire company and has longevity, even when you’re not in the room, because you will help a top-tier Eng team level up. Your work will inform the company’s security roadmap, starting with delivering pieces of a high-speed, automated, and self-service security strategy. 

So far the security projects we’ve worked on have been about:

  • Hardening our Kubernetes deployments
  • Running and evolving our Bug Bounty Program
  • Streamlining our product authorization model
  • Optimizing access control company-wide
  • Automating vulnerability management

About you!

Must-haves:

  • 5+ years of product-security experience: 4 years in appsec, 1 in cloudsec
  • You write code and are fond of creating your own automation
  • Deep understanding of software-security principles and a good understanding of cloud-infrastructure security principles
  • Hands-on experience with many of the core infrastructure products that Hex is run on, including Kubernetes, AWS, and Terraform
  • You perform code reviews regularly
  • Proficient at threat modeling and keeping the models updated
  • Able to break down a landscape of scattered security problems, whether complex, simple and/or varied, and group them into logical, achievable components to get the most bang for the buck during quarterly and annual planning
  • Possess an instinct for strategic thinking and aligning with business and product goals, while keeping a healthy balance of velocity and security excellence.
  • Excel at working with several different engineering teams and codebases, and at communicating with engineers and non-technical partners across many different backgrounds, demonstrating curiosity about how their work contributes to Hex’s success.

Nice-to-haves:

  • Experience scaling and optimizing a bug-bounty program with a good signal:noise ratio
  • Involvement with your Security Community 
  • Interest in the data space, and a love of shipping great products and building tools that empower engineers and users to do more.
  • Curious and willing to dive into the bigger picture of building a company, including go-to-market, customer development, people, and marketing.

Our Engineering team

We’re a group of engineers who are forging new ground together and love partnering with Security on our journey to pull ahead of our competition. You can read about how we think through problems as well as how we learn from mistakes on our blog here:

  • How we took down production…
  • Beyond Linear Notebooks
  • A pragmatic approach to live collaboration

Our Tech Stack

runs on AWS:

  • EKS
  • RDS (Postgres)
  • EC2
  • S3

uses:

  • Node.js
  • TypeORM
  • Apollo GraphQL
  • React
  • Redux
  • … and more

is written in:

  • TypeScript
  • Python
  • Node
  • Terraform

Technology we use

  • Engineering
    • Python (Languages)
    • TypeScript (Languages)
    • React (Libraries)
    • GraphQL (Frameworks)
    • Kubernetes (Frameworks)
    • Node.js (Frameworks)
    • Terraform (Frameworks)
    • PostgreSQL (Databases)
    • AWS (Amazon Web Services) (Services)


330 Jackson Street, San Francisco, CA 94111

What are Hex Perks + Benefits

Hex Benefits Overview

- Unlimited PTO
- Workspace stipend
- 401k match of up to 4%
- Comprehensive medical, vision, and dental insurance plans
- A hybrid model that is remote-friendly, and also prioritizes in-person experiences and collaboration in hub cities (currently NYC and SF) and various opportunities for broader team colocations
- 12-week fully-paid parental leave (16 weeks for gestational parent) with flexible return-to-work policies
- Family planning support along with a $10,000 lifetime benefit through Carrot.

Open office floor plan
Hybrid work model
Flexible work schedule
Remote work program
Health Insurance + Wellness
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Mental health benefits
Financial & Retirement
401(K) matching
Company equity
Child Care & Parental Leave
Generous parental leave
Return-to-work program post parental leave
Vacation + Time Off
Unlimited vacation policy
Paid holidays
Paid sick days
Company-wide vacation
Office Perks
Company-sponsored outings
Free snacks and drinks
Some meals provided
Relocation assistance
Home-office stipend for remote employees
Professional Development
Continuing education stipend
