opengreenhousebvp
Product Security Engineer
LaunchDarkly
LocationRemote - US West
WorkplaceFull
Last observed2026-06-29 00:43:36.588152
Job idbvp-launchdarkly:greenhouse:7736270003
About the Job: LaunchDarkly's Product Security team is hiring a Product Security Engineer to strengthen how we secure the platform engineers build with every day. You'll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts. LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You'll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one. You'll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team's plate and make our coverage deeper. Responsibilities: Lead threat modeling engagements on the features and services where the risk warrants it. Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running. Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup. Contribute to SDLC tooling, SAST / SCA workflows, and bug bounty triage as the team's work demands. Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives. Bring AI to your work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts. Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them. About You: You're proactive by default. You'd rather spot drift early and fix the cause than chase symptoms after an incident. You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs. You invest in relationships with the engineering, product, and leadership teams you work with. You know security work moves at the speed of trust. You're a good partner. You're helpful and direct, you say no with reasons and alternatives, and you don't mistake gatekeeping for rigor. You're security-first by background but engineering-curious by nature. You want to understand how the systems work, not just what's wrong with them. You treat AI as part of the toolkit. You're skeptical where you should be, aggressive where it pays off, and you want to work somewhere that's serious about both. Qualifications: 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred. Comfortable reading and critiquing pull requests in a modern stack. You don't need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps. Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent). Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus. Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, and common cloud misconfigurations. Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated. Nice to Haves: Experience with developer tools, SaaS platforms, or feature management Bug bounty triage experience (HackerOne, Bugcrowd) Familiarity with Go, Python, or TypeScript Contributions to internal security tooling or
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.