Senior Product Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

ID.me · 1 day ago

Senior Product Security Engineer

positionMountain View, CA
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
money$154K/yr - $220K/yr
date8+ years exp

ID.me is a next-generation digital identity wallet that simplifies how individuals securely prove their identity online. They are seeking a Senior Product Security Engineer to lead the design and implementation of secure cloud security architectures, deliver security automation frameworks, and conduct deep technical security assessments to protect millions of users.

Cloud Data ServicesCyber SecurityFraud DetectionIdentity ManagementPrivacySoftware
check
H1B Sponsor Likelynote
Hiring Manager
John Sweeney
linkedin

Responsibilities

Lead the design and implementation of secure, scalable cloud security architectures across GCP, Kubernetes, and containerized workloads
Deliver security automation frameworks (Python or Java) that reduce operational risk and increase organizational security maturity
Build production-ready security automation using Python or Java to scale security operations and reduce manual toil
Execute security projects from requirements through deployment with minimal guidance, delivering high-quality results on time
Troubleshoot complex security issues in production environments, conducting deep technical analysis and implementing fixes quickly
Implement GKE security controls
Build and maintain cloud security infrastructure using Terraform
Configure GCP security services such as VPC Service Controls, Private Service Connect, Cloud Armor policies, IAM roles, and Secret Manager
Execute API security assessments by conducting security reviews, identifying vulnerabilities, and implementing remediation
Execute vulnerability remediation workflows for application, container, Cloud, and SaaS vulnerabilities within defined SLAs
Build security dashboards and reporting to track vulnerability MTTR, security control effectiveness, and false positive rates
Conduct deep technical security assessments—API, application, GKE, and infrastructure layers—and implement durable, production-ready solutions
Serve as a technical escalation point for cloud, IAM, GKE, and Terraform-related security issues; provide expert troubleshooting for high-severity incidents
Implement advanced GCP security controls including VPC Service Controls, Private Service Connect, sensitive service perimeter enforcement, and automated IAM governance
Partner with Infrastructure, Platform, AppSec, and Compliance teams to ensure a unified, secure-by-default cloud architecture

Qualification

Cloud Security ArchitectureSecurity Automation (Python/Java)GCP ExperienceKubernetes SecurityInfrastructure-as-Code (Terraform)API Security EngineeringSecurity CertificationsSoft Skills

Required

8+ years of experience in security engineering, cloud engineering, or software engineering with a focus on implementation and architecture
7+ years of hands-on programming experience in Python or Java
6+ years of GCP experience including GKE, Cloud Run, IAM, Secret Manager, VPC SC, and related services
Strong expertise with Kubernetes security, container security, and image/build pipeline hardening
Proficiency with Infrastructure-as-Code (Terraform preferred)
Demonstrated ability to architect and troubleshoot complex issues in production cloud environments

Preferred

GCP Professional Cloud Security Engineer or Professional Cloud Architect certification
Deep experience designing and securing multi-tenant GKE environments, including workload isolation, network segmentation, and hardened runtime configurations
Expertise in OAuth, OIDC, and API security engineering, with emphasis on abuse resistance, token lifecycle management, and cross-service trust boundaries
Proven ability to lead security initiatives across engineering teams and influence large-scale architectural decisions
OSCP or comparable hands-on offensive-security certifications (e.g., OSEP, GXPN, PNPT) demonstrating strong adversarial reasoning and exploit-focused problem-solving capability
Practical familiarity with offensive-security methodologies—attack-chain decomposition, exploitation fundamentals, and red-team tradecraft—and their application to cloud-native threat modeling and control design
Experience or interest in applied security research, such as vulnerability discovery, protocol or infrastructure analysis, and evaluation of emerging attack surfaces (e.g., AI/ML pipelines, agentic systems, supply-chain security)

Company

ID.me

twittertwittertwitter
Glassdoor3.1
company-logo
ID.me is a digital identity wallet that allows users to securely prove their identity online.
dateFounded in 2010
location
Mclean, Virginia, USA
people-size1001-5000 employees
web-link
https://www.ID.me

H1B Sponsorship

ID.me has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (12)
2024 (2)

Funding

Current Stage
Late Stage
Total Funding
$814.25M
Key Investors
Ribbit CapitalAres ManagementViking Global Investors
2025-09-03Series E· $65M
2025-01-30Debt Financing· $275M
2024-11-25Secondary Market· $67M

Leadership Team

leader-logo
Blake Hall
Co-Founder and CEO
linkedin
leader-logo
Samantha Greenberg
Chief Financial Officer
linkedin

Recent News

BiometricUpdate.com
US Treasury awards ID.me $1B five-year contract
2026-01-07
BiometricUpdate.com
ID.me scores big roll outs with FINRA and CMS
2025-12-18
PR Newswire
ID.me Announces Contract with CMS to Advance Access, Security, and User Experience on Medicare.gov
2025-12-16
Company data provided by crunchbase