Product Security Lead

📋 Description

• Own security model for partner APIs: auth, tenant isolation, abuse prevention, signing.
• Drive a unified auth strategy across services, including step-up auth and passkeys.
• Build device telemetry and signals for fraud and risk teams.
• Work with Engineering on architecture reviews; write threat models.
• Own secure SDLC: SAST/DAST, dependency scanning, secret detection.
• Coordinate with infrastructure to improve security posture across the stack.

🎯 Requirements

• Strong programming in Java or Python; write production code.
• Experience designing/operating secure B2B APIs at scale (multi-tenant).
• Background in anti-ATO, anti-fraud, or authentication systems at scale.
• AWS knowledge: IAM, KMS, networking, service-to-service auth.
• Excellent written communication; threat models and postmortems.
• Comfortable owning security in-house while using external specialists.

🎁 Benefits

• Meaningful startup equity
• 100% health, vision & dental primary coverage
• 75% health, vision & dental dependent coverage
• Catered lunches and dinners
• $250/month commuter benefit
• Parental leave