Sr. Product Security Engineer

ABOUT THE POSITION

We are seeking a highly experienced and motivated Senior Product Security Engineer to join our advanced security team. In this role, you will be a key leader responsible for driving the identification, assessment, and mitigation of security vulnerabilities across our products and services. You will also spearhead the deployment of new security tools and technologies, significantly enhancing our organization's security capabilities. The ideal candidate will bring deep expertise in application security testing, penetration testing, vulnerability management, and security tooling. Additionally, you will mentor teams and collaborate closely with both internal stakeholders and external security researchers. This role reports directly to the Head of Product Security.

Key Responsibilities Include:

•Lead comprehensive security testing for Fluence products to ensure the security of the entire product suite.

•Perform advanced penetration testing on new and existing products, identifying critical security risks and setting strategic security requirements.

•Oversee the tracking, management, and remediation of security vulnerabilities, working directly with product teams, stakeholders, and security champions.

•Collaborate with both internal and external stakeholders, including security researchers, to continuously enhance the security posture and optimize bug bounty program performance.

•Serve as the senior technical representative for product security testing initiatives across product development and shared services teams.

•Provide strategic security guidance and mentorship to peers, security champions, and the wider organization.

What will our ideal candidate bring to Fluence?

• Bachelor's degree in computer science, cybersecurity, or related field. 
• 5+ years of experience as a senior penetration tester, ethical hacker, or bug hunter, with expert-level understanding of security testing methodologies and techniques.
• 3+ years of hands-on experience with security tools such as Static Application Security Testing (SAST) (e.g., Checkmarx, Synopsys, Snyk), Dynamic Application Security Testing (DAST) (e.g., BurpSuite, WebInspect), Software Composition Analysis (SCA) (e.g., Mend, Snyk), Run-Time Application Self-Protection (RASP) (e.g., Signal Sciences, Imperva), and vulnerability management tools.
• Extensive experience with bug bounty platforms (e.g., SynAck, BugCrowd, HackerOne) and a proven track record in managing bug bounty programs.
• Advanced cybersecurity certifications such as OSCE, OSCP, CEH, GPEN, GCPN are highly preferred.
• Extensive experience supporting and evolving security automation, with proficiency in at least one programming or scripting language (Python, Perl, Go, JavaScript, C++).