[Remote] Product Security Engineer

Note: The job is a remote job and is open to candidates in USA. Movable Ink is a company that specializes in content personalization for marketers through data-activated content generation and AI decisioning. They are seeking a Product Security Engineer to secure their codebases, CI/CD pipelines, and development practices, balancing a security-first mindset with practical engineering insights. This role involves implementing security measures, managing vulnerabilities, and collaborating with engineering teams to ensure safe software delivery.

Responsibilities

• Implement and maintain static application security testing (SAST) using Semgrep across our repositories
• Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies
• Manage secrets detection scanning (Trufflehog) and respond to findings
• Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged
• Triage and prioritize vulnerability findings, working with engineering teams to drive remediation
• Support dynamic application security testing (DAST) efforts using tools like ZAP
• Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation
• Set up and configure automation scripts to support our vulnerability management practices
• Document secure coding guidelines and help educate developers on security best practices
• Evaluate and recommend new security tools as the landscape evolves

Skills

• 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role
• Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)
• Familiarity with CI/CD pipelines and GitHub Actions
• Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them
• Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)
• Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings
• Strong written communication skills for documentation and customer-facing security responses
• Self-motivated and able to manage competing priorities in a fast-paced environment
• Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)

Benefits

• Additional bonus depending on the position ultimately offered
• A full range of medical, financial, and/or other benefits

Company Overview

Company H1B Sponsorship