Movable InkRemote
Product Security Engineer
United States of America
Full Time
2 hours ago
$133,000 - $173,000 USD
H1B Sponsor Likely
Key skills
JavaScriptPythonGoRubyAIGitHub ActionsGitHubCI/CDCommunicationSnykOWASP
About this role
Movable Ink is a company that specializes in content personalization for marketers using data-activated content generation and AI decisioning. They are seeking a Product Security Engineer to secure their codebases, CI/CD pipelines, and development practices while balancing a security-first mindset with practical software delivery. This role involves collaborating with Security and Engineering teams to build automation that ensures safety in their code and infrastructure.
Responsibilities:
- Implement and maintain static application security testing (SAST) using Semgrep across our repositories
- Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies
- Manage secrets detection scanning (Trufflehog) and respond to findings
- Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged
- Triage and prioritize vulnerability findings, working with engineering teams to drive remediation
- Support dynamic application security testing (DAST) efforts using tools like ZAP
- Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation
- Set up and configure automation scripts to support our vulnerability management practices
- Document secure coding guidelines and help educate developers on security best practices
- Evaluate and recommend new security tools as the landscape evolves
Requirements:
- 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role
- Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)
- Familiarity with CI/CD pipelines and GitHub Actions
- Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them
- Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)
- Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings
- Strong written communication skills for documentation and customer-facing security responses
- Self-motivated and able to manage competing priorities in a fast-paced environment