Senior Product Security Analyst jobs in United States

Omilia · 1 day ago

Senior Product Security Analyst

Omilia is a company focused on safeguarding products and platforms as they scale, and they are seeking a Senior Product Security Analyst. This role involves independently identifying and resolving security risks throughout the product lifecycle, collaborating with various teams to embed security practices into design and delivery.

Enterprise Software, Natural Language Processing
Growth Opportunities

Responsibilities

Act as the primary application and product security partner for assigned products and services, owning end-to-end security reviews from design through release
Lead application-focused security assessments, including architecture reviews, threat modeling, and secure design validation for APIs, microservices, and SaaS platforms
Independently assess security risk and approve, delay, or block releases when required, escalating decisions where business urgency or customer commitments necessitate alignment
Provide authoritative, risk-based guidance to engineering teams, helping them understand not just what needs to be fixed, but also the security and risk context
Own vulnerability triage and prioritization for assigned products, ensuring findings are contextualized based on exploitability, exposure, and business impact
Interpret results from application security testing activities (SAST, DAST, SCA, manual reviews), translating technical findings into actionable remediation guidance
Monitor relevant external threats, attack techniques, and vulnerability trends, proactively assessing applicability to products and platforms
Support investigation and remediation of product- and application-related security incidents
Partner with engineering, platform, and cloud teams to embed secure-by-design practices into the SDLC, with a strong emphasis on application-layer controls
Apply hands-on technical judgment to validate engineering assumptions, challenge risk decisions, and ensure security controls are implemented effectively
Contribute to the evolution of application security standards, guardrails, and review practices that scale across multiple product teams
Support alignment of application and product security practices with applicable frameworks such as PCI DSS and GDPR, focusing on practical security outcomes rather than checkbox compliance
Translate internal controls into actionable engineering requirements and support evidence collection for audits and assessments as needed
Coordinate and support penetration testing, bug bounty programs, and third-party security assessments, ensuring timely remediation and risk closure
Build trusted, durable relationships with product, engineering, cloud, platform, and CGRC teams
Clearly articulate security risk, trade-offs, and remediation options to both technical and non-technical stakeholders
Contribute to the long-term maturity of the product and application security program through pattern recognition, continuous improvement, and shared learning

Qualification

Application Security, Vulnerability Management, Secure SDLC, Threat Modeling, Cloud-native SaaS, PCI DSS, GDPR, Agile Development, Communication Skills, Collaboration

Required

5+ years of experience in application security, product security, or a closely related domain
Strong practical understanding of secure SDLC, application security principles (e.g., OWASP Top 10), threat modeling, vulnerability management, and security risk assessment
Demonstrated experience owning end-to-end security reviews for applications or products, including release decision support
Hands-on familiarity with application security testing approaches (SAST, DAST, SCA), with the ability to interpret findings and assess real-world risk
Experience working with cloud-native SaaS environments, preferably AWS, including API-driven and microservice-based architectures
Working knowledge of PCI DSS and GDPR, with experience translating security and compliance requirements into engineering practices
Ability to apply independent technical and risk judgment, including challenging assumptions and driving remediation
Strong communication skills, capable of engaging both engineers and business stakeholders
Experience working in agile or iterative development environments
Strong verbal and written communication skills in English
Willingness to collaborate across distributed teams and time zones with reasonable flexibility

Preferred

Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field
Relevant certifications such as CCSP, CSSLP, AWS Certified Security, or AWS Solutions Architect
Experience with manual application security testing, secure design reviews, or API security analysis
Exposure to customer-facing SaaS platforms with regulatory or data protection requirements
Familiarity with AI-enabled or data-intensive systems, including emerging application security and privacy considerations
Experience contributing to the evolution of security standards, review patterns, or guardrails across multiple teams or products
Background in quickly evolving organizations that rapidly scale and mature security and compliance practices

Benefits

Fixed compensation
Long-term employment with the working days vacation
Development in professional growth (courses, training, etc.)
Being part of successful cutting-edge technology products that are making a global impact in the service industry
Proficient and fun-to-work-with colleagues
Apple gear

Company

Omilia

Omilia offers enterprise grade Natural Language Understanding technologies.

Funding

Current Stage: Growth Stage
Total Funding: $20M
Key Investors: Grafton Capital
2020-05-05 · Private Equity · $20M

Leadership Team

Dimitris Vassos
CEO and Founder
Pelias Ioannidis
Partner & CFO
Company data provided by Crunchbase