BeyondTrust - Sr Product Security Engineer

• 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development • Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, injection attacks, deserialization, SSRF, and privilege escalation • Proficiency with penetration testing tools and methodologies (Burp Suite, custom scripts, fuzzing frameworks) combined with manual exploit validation • Hands-on experience using LLM platforms (Claude, Codex, or similar) to build security testing workflows, generate test cases, analyze code, or develop exploits • Experience building custom security tooling: fuzzers, scanners, exploit frameworks, or automation that goes beyond configuring off-the-shelf products • Strong understanding of common vulnerability classes (OWASP Top Ten, API Security Top Ten, CWE) and how they manifest in real production applications • Experience collaborating with defensive security teams (SOC, Cyber Defense, IR) to translate offensive findings into detection and monitoring capabilities • Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security • Strong communication skills: you can explain a complex exploitation chain to an engineering team and deliver a clear risk narrative to leadership • Experience building AI-native security workflows, threat hunting agents, or automated fuzzing pipelines using LLM platforms • Background in securing endpoint technologies, identity systems, privileged access management, or enterprise security platforms • Experience with mobile application security testing and thick client assessments • Familiarity with container security, Kubernetes security, and infrastructure-as-code scanning • Experience working with bug bounty programs, vulnerability disclosure programs, or coordinated disclosure • Professional certifications such as OSWE, OSCP, GWAPT, GPEN, or equivalent hands-on credentials • Contributions to security research, open-source security tooling, or published vulnerability disclosures • How We'll Measure Success • Consistent discovery of meaningful vulnerabilities with validated PoC exploits that drive remediation across the product portfolio • AI-powered threat hunting skills and fuzz factory plugins actively finding vulnerability classes at scale that manual testing alone would miss • Validated findings include specific, implementable fix recommendations that engineering teams act on • Offensive findings translate into measurable defensive improvements through partnership with Cyber Defense and Research • Reusable skills, prompts, and plugins you build are adopted by the broader Product Security team • Engineering and security leadership trust your severity assessments and prioritization recommendations • Better Together • Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected. • We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together. • BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders. • BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners. • Learn more at www.beyondtrust.com.