Subscribe job alerts

Remote Job

Senior Product Security Engineer

  • fullTime
  • Posted : 3 weeks ago

FileCloud is the fastest-growing Enterprise File Share and Sync (EFSS) solution in the industry, with over one million users worldwide. Our products are used by many global 2000 and Fortune 500 companies and world-leading public sector organizations. FileCloud recently closed a $30 million Series A investment led by Savant Growth to address the growing demand for enterprise security, compliance, and workflow automation. We are currently expanding our team as we grow and improve FileCloud.

FileCloud is a Hyper-secure, Enterprise File sharing and sync application that can run On-Prem or delivered as a hosted solution. It is designed to run in high security environments in a air-gapped networks delivering its capabilities without compromising security.


FileCloud is looking for a Senior Product Security Engineer. In this role you will successfully lead and coordinate the efforts across the development teams to develop and maintain security protocols resulting in prevention and mitigation of security vulnerabilities across all aspects of FileCloud as a product.

This leadership role requires deep software development and security experience and the ability to coordinate and influence other teams to drive the security agenda across the organization.

Below is a non-exhaustive list of some of the important tasks owned by this role:

1. Implement and run the Product Security Board

  • Build the security board team. This team is tasked with owning all product security decisions for FileCloud
  • Conduct a gap analysis on processes and policies for the software development process
  • Develop threat model for FileCloud
  • Analyze security risks (reported internally or externally) and drive them to resolution with various teams
  • Monitor and recommend product upgrades to be in compliance in meeting the standards that certain 3rd parties have set forth
  • Identify, assess and manage software security tech debt
  • Manage Security hardening team. The security hardening team is made up of developers who are working on analyzing existing product code and identify security tech debt

2. Implement SSDLC process for FileCloud (working with the dev team leads)

  • Review HLD and do security sign off
  • Implement CI/CD pipeline changes to setup security
  • Security training for developers and create guidelines for security best practices

3. Security Testing (working with QA and Release teams)

  • Develop internal pen testing process- OWASP/ZAP, third party pen testing tools, ethical hacking, Red teaming
  • Coordinate Pen testing and resolutions - Required for each release

4. Operations

  • Run bug bounty process
  • Run product security ops team for responding to security incidents
  • Communicate clearly on security related technical issues to the org
  • Work with the documentation team to draft, review and approve security advisories that must go on the website and emails
  • Professionally handling of customer communication for security related items
  • Setup and maintain OKR & KPI metrics related to product security


  • 5+ Years of work experience as software engineer with focus on product security
  • Strong experience in software development process with strong software architecture knowledge
  • Bachelor’s degree in computer science or related field
  • Development, scripting, or automation experience – Strong desire in automating your daily workflows to make your day more productive. You are comfortable writing in Python, PHP, or similar scripting languages
  • Strong knowledge of various web-related technologies (such as Web applications, web servers, services, architectures etc.) and of network/web related protocols.
  • Familiar with common security libraries, security controls, and common security flaws that apply to PHP applications
  • Familiarity with application security such as OWASP Top 10
  • Experience with standard web application security tools such as BurpSuite or similar alternatives
  • Experience working with static code analysis tools such as Sonarqube or similar alternative
  • Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. is a plus
  • Experience with network security and networking technologies and with system, security, and network monitoring tools is a plus
  • Knowledge of Linux Tools/architecture & logging systems


  • Be part of a team of passionate, committed individuals dedicated to building a world-class product
  • Dedicated time for training and education opportunities
  • A mentorship model wherein your mentor and team support your development.
  • A competitive salary with an annual bonus
  • Fully remote working whilst offering flexible hours that fall outside of the companywide core hours of 9am -12pm (US Central time zone)
  • 20 days of paid time off which increases by a further 5 days after 5 years of service (in addition to 10 public holidays in your country)
  • Paid day off on your birthday or on an alternative day if your birthday falls outside a normal working day
  • Paid day off to volunteer with the charity of your choice
  • Paid monthly internet cost and lunch stipend provided
  • Reimbursement of all hardware costs associated with the role

*A job offer for this position is contingent upon the candidate successfully passing full security screening background and employment reference checks.

Similar Jobs

Remote Job

Senior Product Security Engineer

  • 3 years ago
  • We are looking for an experienced product security engineer to join our team that can help us to strategically push forward the state of product security throughout GitHub. The product security team is dedicated to identifying the most important application and product security risks and use our pas

View All