Note: The job is a remote job and is open to candidates in USA. BeyondTrust is a global leader in identity security, committed to creating a safer world through its cybersecurity SaaS portfolio. They are seeking a Sr Product Security Engineer to perform hands-on security testing across their product portfolio, leveraging AI to enhance threat hunting and vulnerability discovery. The role involves validating vulnerabilities, developing proof-of-concept exploits, and collaborating with engineering teams to remediate security issues.
Responsibilities
- Perform deep, context-aware penetration testing of web applications, APIs, endpoint agents, thick clients, identity systems, and cloud-native services
- Build AI-powered threat hunting skills and fuzz factory plugins using Claude and Codex
- Develop working proof-of-concept exploits for discovered vulnerabilities that demonstrate real impact in the product's deployment context
- Validate vulnerabilities from all sources: your own testing, SAST, SCA, third-party pen tests, bug bounty submissions, and security research
- Partner with Cyber Defense and Security Architects to translate offensive findings into defensive capabilities
- Build and maintain AI-driven security testing tooling integrated into CI/CD pipelines
- Participate in threat modeling exercises alongside Product Security Architects
Skills
- 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development
- Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, injection attacks, deserialization, SSRF, and privilege escalation
- Proficiency with penetration testing tools and methodologies (Burp Suite, custom scripts, fuzzing frameworks) combined with manual exploit validation
- Hands-on experience using LLM platforms (Claude, Codex, or similar) to build security testing workflows, generate test cases, analyze code, or develop exploits
- Experience building custom security tooling: fuzzers, scanners, exploit frameworks, or automation that goes beyond configuring off-the-shelf products
- Strong understanding of common vulnerability classes (OWASP Top Ten, API Security Top Ten, CWE) and how they manifest in real production applications
- Experience collaborating with defensive security teams (SOC, Cyber Defense, IR) to translate offensive findings into detection and monitoring capabilities
- Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security
- Strong communication skills: you can explain a complex exploitation chain to an engineering team and deliver a clear risk narrative to leadership
- Experience building AI-native security workflows, threat hunting agents, or automated fuzzing pipelines using LLM platforms
- Background in securing endpoint technologies, identity systems, privileged access management, or enterprise security platforms
- Experience with mobile application security testing and thick client assessments
- Familiarity with container security, Kubernetes security, and infrastructure-as-code scanning
- Experience working with bug bounty programs, vulnerability disclosure programs, or coordinated disclosure
- Professional certifications such as OSWE, OSCP, GWAPT, GPEN, or equivalent hands-on credentials
- Contributions to security research, open-source security tooling, or published vulnerability disclosures
Benefits
- Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success.
- You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.
- Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.
- We take care of our employees so they can take care of our customers.
- We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.
Company Overview
Company H1B Sponsorship