Senior Product Security Engineer

Senior Product Security Engineer - Applications

Join to apply for the Senior Product Security Engineer - Applications role at Optimum
.

We are Optimum, a leader in connectivity, and we’re on the hunt for enthusiastic professionals to join our team. A career at Optimum means enabling progress and enhancing lives by providing reliable, high‑speed connectivity solutions that keep the world connected.

The Product Security organization helps Optimum move faster, securely. We’re a team of engineers who work to enable other teams to build products as quickly as possible while continuing to protect our customers. We support developers in shipping secure code by building security tools and services, providing security training and expertise, and advocating for best practices in authentication, authorization, and safe data handling across the company.

• Collaborate with engineering and product teams to integrate security and secure‑by‑default guardrails into the product lifecycle, ensuring security is a core consideration in all design and development decisions.
• Conduct threat modeling and risk assessments from the early stages of the product development lifecycle to identify, assess, and prioritize security risks, enabling proactive mitigation strategies.
• Perform rigorous security testing and reviews to uncover and address security weaknesses.
• Lead initiatives automating security processes from the developer workstation to cloud, SaaS, and datacenter environments.
• Design, build, deploy, and support security‑focused solutions across cloud and on‑premise footprints.
• Foster a security‑first culture by educating and empowering engineering and product teams through training, awareness campaigns, and mentorship.
• Stay updated on the latest security threats, vulnerabilities, and technology trends, and proactively implement improvements.
• Contribute to incident response efforts, investigate root causes, and implement corrective actions to minimize impact and prevent future occurrences.

• Bachelor’s degree in Computer Science, Electrical Engineering, a related field, or equivalent professional experience. Master’s degree is a plus.
• 5+ years of combined hands‑on experience in software engineering and application and infrastructure security, including securing cloud‑based and containerized environments.
• Demonstrable experience with product and application security concepts, including API, web, and mobile app security.
• Excellent communication skills, both written and verbal, and the ability to communicate complex security concepts to technical and non‑technical audiences, including senior leadership.
• Proven ability to establish credibility and build trust with engineers and operational staff.
• Expertise in conducting comprehensive threat modeling and risk assessments to identify and mitigate vulnerabilities.
• Experience building, deploying, and securing workloads and infrastructure in Google Cloud Platform (GCP).
• Experience utilizing and securing AI/ML models and AI‑integrated solutions, a general understanding of AI concepts, and a willingness to learn more.
• Proficient in modern security frameworks, tools, and techniques. Familiarity with security standards and frameworks such as ISO, NIST, OWASP, etc.
• Proficiency in secure SDLC practices, commercial and open‑source security testing tools (SAST, DAST, SCA, fuzzing), container security (Docker, Kubernetes), and cloud security (GCP, AWS, Azure).
• Practical experience securing CI/CD pipelines;
  Infrastructure‑as‑Code (IaC) tools like Terraform;
  Git Hub and/or Gitlab; artifact management.
• Strong understanding of both human and non‑human identity management, enterprise and consumer authentication standards and use cases, and common protocols including OAuth and SAML.
• Experience overseeing vulnerability and threat management at the platform and application levels.
• Strong understanding of cryptography and key management use cases.
• Proficiency in one or more modern programming languages like Golang, Python, Node, and Java.
• Familiarity with advanced networking products and capabilities like SASE and SD‑WAN is a plus.
• Familiarity with penetration testing and red teaming is a plus.
• Site Reliability Engineering (SRE) experience is a strong plus.
• Experience developing security‑focused Terraform modules is a strong plus.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, national origin, religion, age, disability, sex, sexual orientation, gender identity or protected veteran status, or any other basis protected by applicable federal, state, or local law. The Company provides reasonable accommodations upon request in accordance with applicable requirements.