Cherry Technologies, Inc. - Senior Product Security Engineer
Requirements
• 4+ years of experience in product security, application security, or a related security engineering role.
• Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management.
• Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code.
• Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation.
• Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines.
• Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders.
• Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment.
• Penetration testing experience, with the ability to conduct or lead internal red team exercises or external pentest engagements.
• Familiarity with payment industry security — PCI DSS, tokenization, EMV, card transaction security.
• Experience at a FinTech, healthcare technology, or other regulated-industry company.
Responsibilities
• Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform.
• Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes.
• Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products.
• Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security.
• Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks.
• Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities.
• Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection.
• Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence.
• Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization.
• Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.
Benefits
• Competitive Base + Bonus
• Generous equity grant
• Fully remote company