Source Job

Brazil

  • Identify and remediate vulnerabilities across the product ecosystem using code reviews and automation.
  • Integrate security tools and practices into CI/CD pipelines to ensure secure development.
  • Collaborate with engineering teams to apply threat modeling and secure-by-design principles.

Ruby Go PHP AWS CI/CD

20 jobs similar to Product Security Analyst

Jobs ranked by similarity.

Europe US Unlimited PTO

  • Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
  • Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
  • Improve secure development practices through code reviews, threat modeling, and security design reviews.

Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.

Europe

  • Define security requirements and design application architectures following a secure-by-default approach.
  • Conduct threat modeling, code reviews, and penetration testing on cloud-based web and mobile apps.
  • Implement, manage, and automate SAST/DAST/SCA security controls and WAF rules to enforce protection at scale.

Prima is a motor insurance company that uses data and technology to provide a great experience for drivers. They are trusted by over 5 million drivers and have over 350 engineers in their Engineering department, fostering a culture of curiosity and collaboration.

Europe

  • Design and implement security features and safeguards to protect the platform.
  • Integrate security best practices throughout the software development lifecycle.
  • Mentor engineering teams on secure development practices and help remove technical blockers.

The company is a SaaS platform serving millions of users worldwide. It operates in a fully remote, international environment with a product-driven engineering culture.

Europe

  • Lead the security research function by defining methodologies and best practices for identifying cloud and application security threats.
  • Conduct advanced vulnerability research and collaborate with engineering teams to translate findings into product features.
  • Publish high-quality technical content and establish thought leadership in the cybersecurity community.

The company is a cybersecurity vendor that develops AI-powered security solutions. It is a fast-growing, remote-first organization with a collaborative culture emphasizing technical excellence and continuous learning.

$152,000–$175,000/yr
US Unlimited PTO

  • Lead threat modeling, architecture reviews, and code reviews for web applications, APIs, and microservices.
  • Actively develop and commit code to fix security flaws in Python, Go, or JavaScript/TypeScript codebases.
  • Implement and manage security testing tools within CI/CD pipelines to catch vulnerabilities early in the SDLC.

RunPod is the AI Developer Cloud, providing a platform for developers to experiment, train, fine-tune, deploy, and scale AI. We are a small, remote-first team that has processed over 20 billion inference requests and closed a $100M Series A in June 2026.

India

  • Lead security initiatives across infrastructure, applications, cloud, and enterprise deployments to ensure a strong security posture.
  • Conduct penetration testing, vulnerability assessments, and security reviews to proactively identify and mitigate risks.
  • Collaborate with engineering, DevOps, and machine learning teams to embed security best practices into products and processes.

The company develops innovative AI-driven products for highly regulated environments. They operate with a startup culture, emphasizing collaboration, autonomy, and continuous improvement.

$120,000–$154,440/yr
US 12w maternity 12w paternity

  • Architect, design, and implement end-to-end security solutions including firewalls, intrusion detection, and cloud security controls.
  • Collaborate with DevOps to integrate security into CI/CD pipelines and automate secure deployments.
  • Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations.

Figure is transforming capital markets through blockchain, powering real products used by hundreds of thousands of consumers and institutions. With over 170 partners and $22 billion in home equity loans originated, Figure is the largest non-bank provider of home equity financing in the U.S., recognized as one of Forbes' Most Innovative Fintech Startups in 2025.

Canada 18w maternity 18w paternity

  • Design and build scalable backend systems using Go and cloud technologies to process complex security data.
  • Develop and improve data processing pipelines that transform vulnerability information into structured outputs.
  • Establish engineering best practices, mentor engineers, and influence architecture decisions.

The company is a technology firm focused on improving the security and reliability of the open-source software ecosystem. It is a remote-first organization with a collaborative culture that values ownership and continuous growth.

Canada

  • Design and ship scalable security solutions to bridge the gap between security and engineering teams.
  • Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
  • Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.

Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.

India

  • Partner with engineering, product, and DevOps teams to integrate security practices throughout the SDLC, focusing on cloud-native environments and automated pipelines.
  • Design, implement, and maintain security tooling and gates within CI/CD pipelines covering SAST, DAST, SCA, secrets detection, and container scanning.
  • Lead threat modeling, conduct application security assessments including code review and manual penetration testing, and triage bug bounty reports.

Hyland is the pioneer of the Content Innovation Cloud, delivering ubiquitous enterprise intelligence to organizations. With a team of nearly 4,000 employees, the company fosters an employee-centric culture focused on community impact and innovation.

US 4w PTO

  • Lead application security reviews, threat modeling, and secure code review for new features and significant product changes.
  • Operate and improve SAST, DAST, and SCA tooling, triage findings, and partner with engineering teams to harden the codebase.
  • Plan and execute internal penetration tests against web applications, APIs, and mobile clients, and own the vulnerability management lifecycle.

ButterflyMX empowers people to automate property access, operations, and security from a single platform, serving over 20,000 properties worldwide. As a distributed, primarily remote workforce, they seek intelligent, passionate, and collaborative individuals driven by a shared commitment to excellence and innovation.

UK

  • Design and deliver secure, scalable software solutions using Go within a cloud-native architecture.
  • Build platform capabilities for API security, cryptographic controls, AI governance, and supply chain security.
  • Collaborate with engineering, platform, and security teams to enhance production system security and resilience.

Jobgether is a platform that uses AI-powered matching to connect candidates with roles. They partner with companies to manage applications and next steps, fostering an inclusive and diverse working environment.

$147,000–$175,000/yr
US Unlimited PTO

  • Become an expert on the platform and its integration into customer CI/CD pipelines, developer workflows, and AppSec programs.
  • Run technical discovery, diagnose customer issues, and advise on solution design throughout the sales cycle.
  • Own Proof-of-Value engagements end-to-end, from defining success criteria to configuring environments and delivering technical wins.

They build a leading application security platform that helps companies like Snowflake and Dropbox catch and fix code vulnerabilities without slowing down development. The company has grown to roughly 175 employees since 2017 and raised $100M in Series D funding, with a culture combining deep engineering credibility and developer-friendly products.

Global

  • Conduct security reviews and penetration tests across Brave products including the browser and search engine.
  • Triaging and fixing security reports, and designing secure code in C++ and other languages.
  • Work asynchronously with a geographically-distributed team to secure AWS infrastructure and web security models.

Brave builds a privacy-focused web browser that blocks trackers and ads, a private search engine, a crypto wallet, and an opt-in private ad network. With over 110 million monthly active users and a small, distributed team, Brave is dedicated to protecting user privacy and challenging Big Tech.

Latin America

  • Design, deploy, and manage cloud infrastructure across AWS, Azure, or GCP.
  • Support CI/CD pipelines and automate software integration, testing, and deployment.
  • Ensure system reliability, performance, and security of cloud environments.

Welocalize, a Welo Global brand, provides AI-enabled multilingual content solutions that help enterprises operate globally. The company has seven ISO certifications and offices worldwide, with a focus on combining AI, automation, and human expertise.

US 5w PTO

  • Own key security domains such as vulnerability management, application security, API security, and supply chain security.
  • Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows.
  • Develop and improve security tooling and automation to reduce manual effort and leverage AI for triage and detection.

NinjaTrader is an industry-leading trading platform and futures broker that empowers traders with award-winning software and brokerage services. Since 2003, the company has grown to over 2 million users and is the number one rated futures brokerage worldwide, fostering a dynamic culture focused on social connection, professional development, and employee recognition.

Global Unlimited PTO

  • Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
  • Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
  • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.

Monarch is a powerful, all-in-one personal finance platform designed to simplify money management. They are a fully remote team of do-ers led by experienced entrepreneurs, passionate about building a product people love.

$172,279–$249,640/yr
Canada United States

  • Partner with engineering teams to review cloud and compute architecture design changes.
  • Develop or adopt open-source tools to monitor and harden cloud infrastructure and detect intrusions.
  • Drive the definition and implementation of security policies and monitor conformance.

Quora operates a global knowledge sharing platform with over 300M monthly unique visitors and Poe, a platform for AI language model interaction. It is a privately held, remote-first company with a culture rooted in transparency, idea-sharing, and experimentation.

  • Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
  • Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
  • Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.

PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.

$100,000–$160,000/yr
US

  • Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
  • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
  • Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.

Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.