Lead Product Security Engineer

Job Description Key Responsibilities - Lead red team operations focused on product security, including application-layer attacks, business logic abuse, and adversary simulations targeting customer-facing products. - Develop and execute offensive testing strategies (web, API, native apps, SaaS, cloud integrations, and enterprise products). - Develop and execute custom attack scenarios, including phishing, social engineering, and lateral movement campaigns, to test organizational defenses. - Identify security weaknesses in architecture, design, and implementation of product features. - Mentor and guide other red team engineers, driving technical excellence and advancing offensive security capabilities within the product security organization. - Partner with security response (PSIRT) and SRE teams on vulnerability impact assessment, exploitation proof-of-concepts, and attack surface reduction. - Contribute to automation of offensive security testing methodologies and continuous validation of product defenses. - Stay ahead of the curve on emerging TTPs, exploitation techniques, zero-days, and adversarial tradecraft, and apply those insights to products. Required Qualifications - Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience - More than 9+ years of experience in the security industry, preferably 5+ years in offensive security, penetration testing, or red teaming - Deep expertise in application and product security, including web technologies, APIs, cloud-native architectures, and mobile platforms. - Strong background in exploit development, reverse engineering, and vulnerability research - Proficiency with offensive security tooling and frameworks (e.g., Burp Suite, Cobalt Strike, Metasploit, custom tooling) - Experience performing advanced attacks such as logic flaws, authentication bypass, authorization escalation, and supply chain abuse - Familiarity with developer workflows, CI/CD pipelines, and secure development practices - Familiarity with advanced persistent threat (APT) tactics, techniques, and procedures (TTPs) - Strong scripting/programming skills (Python, Go, JavaScript, or similar) - Excellent communication skills, with the ability to translate technical findings into business impact for engineering and product stakeholders Preferred Qualifications - Prior experience engaging with products at enterprise scale (SaaS, cloud platforms, financial systems, or critical infrastructure software). - Any one of these Certifications: CCRT(S), OSEP, GPEN, OSCP, SANS SEC565 - Experience leading cross-functional security initiatives with product and engineering teams. - Contributions to the security community in the form of research, CVEs, exploit development ,tools, or publications. - Track record of participation in Capture The Flag events - Working knowledge to execute end-to-end adversary emulation attacks About Us: Cloud Software Group is one of the world's largest cloud solution providers, serving more than 100 million users around the globe. When you join Cloud Software Group, you are making a difference for real people, each of whom count on our suite of cloud-based products to get work done from anywhere. Members of our team will tell you that we value passion for technology and the courage to take risks. Everyone is empowered to learn, dream, and build the future of work. We are on the brink of another Cambrian leap -- a moment of immense evolution and growth. And we need your expertise and experience to do it. Now is the perfect time to move your skills to the cloud. Cloud Software Group is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination. All qualified applicants will receive consideration for employment without regard to age, race, color, creed, sex or gender, sexual orientation, gender identity, gender expression, ethnicity, national origin, ancestry, citizenship, religion, genetic carrier status, disability, pregnancy, childbirth or related medical conditions (including lactation status), marital status, military service, protected veteran status, political activity or affiliation, taking or requesting statutorily protected leave and other protected classifications. If you need a reasonable accommodation due to a disability during any part of the application process, please contact us via the Bridge portal for assistance.