Description
We're hiring a Product Security Engineer to join our Security Services and Tooling Infrastructure Team. This role requires the ability to engineer automated guardrails, contribute to "paved path" templates, and assist in maintaining multi-cloud hygiene. This team is responsible for reducing developer toil while enforcing rigorous security configurations.
Responsibilities:
- Assist in the engineering and deployment of automated policy-as-code controls (e.g., OPA, Checkov) within CI/CD and runtime environments.
- Support the development and certification of Infrastructure-as-Code (IaC) modules. Ensure Terraform and multi-substrate templates adhere to strict security standards before they reach the engineering lifecycle.
- Participate in the maintenance of Key Risk Indicator (KRI) dashboards for AWS and GCP. Analyze multi-cloud asset data to identify and remediate privilege escalation paths.
- Actively identify manual security processes and develop automated scripts or tooling to eliminate them.
- Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
Performance Expectations:
- Do not wait for vulnerabilities to hit production. Proactively identify and block insecure configurations at the development stage.
- Solutions must minimize false positives. High-noise implementations will be rejected.
- Do not solve for the single instance. Build for the organization. All solutions must scale across all Salesforce Clouds.
Required Technical Competencies:
- Deep familiarity with Terraform. Must understand how to write and validate secure modules.
- Functional knowledge of AWS and GCP security configurations. Understanding of IAM, network boundaries, and organizational policies.
- Experience or strong aptitude for learning OPA (Open Policy Agent) or Checkov to implement preventative controls.
- Proficiency in Python or Go for automating security signal collection and remediation workflows.
- Understanding of how to integrate security tooling into automated deployment pipelines without impacting delivery velocity.
- A demonstrated, genuine AI-first approach to tasks. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
- Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor).
- Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
- A related technical degree is required.