Product & Data Security Engineer (AppSec, DLP, & Privacy)
Job role: Product & Data Security Engineer (AppSec, DLP, & Privacy)
Duration: Contract-to-Hire (6-12 Months)
Location: Fully Remote
Job Description:
You embed Secure-by-Design and Private-by-Design principles directly into the SDLC by building self-service, developer-native guardrails. You do not review code manually; you design systems that make insecure or non-compliant code impossible to merge.
Responsibilities
Secure SDLC:
ā¢ Design and maintain SAST, SCA, API, and schema validation patterns using GitHub Actions with deterministic policy-as-code gates (no discretionary approvals).
Data Loss Prevention (DLP):
ā¢ Implement source-level PHI/PII and secret detection using regex + ML classifiers in CI/CD to block sensitive data from ever entering source control or artifacts.
API & Transport Security:
ā¢ Define non-negotiable Layer 7 standards (TLS 1.3, HSTS, OAuth/OIDC, JWT lifetimes) and automate OpenAPI linting to prevent over-exposure or data leakage.
Data Protection Patterns:
ā¢ Build and maintain application-layer encryption, tokenization, and redaction libraries that are consumed by product teams by default.
Supply Chain Security:
ā¢ Generate SBOMs per build, sign and attest artifacts, and enforce provenance verification at deploy time via pipeline policy.
Minimum Qualifications
ā¢ 5+ years in AppSec or Software Engineering with data-centric security ownership.
ā¢ Hands-on with GitHub Actions, secret prevention tooling, API security, and OAuth/OIDC.
ā¢ Proficient in Python, Go, or TypeScript with strong developer empathy.
Success Measures
ā¢ ā„90% of repos protected by automated DLP and secret scanning
ā¢ 100% APIs conforming to standardized auth and transport patterns
ā¢ Measurable reduction in high/critical application-layer findings
Apply tot his job
Apply To this Job
Duration: Contract-to-Hire (6-12 Months)
Location: Fully Remote
Job Description:
You embed Secure-by-Design and Private-by-Design principles directly into the SDLC by building self-service, developer-native guardrails. You do not review code manually; you design systems that make insecure or non-compliant code impossible to merge.
Responsibilities
Secure SDLC:
ā¢ Design and maintain SAST, SCA, API, and schema validation patterns using GitHub Actions with deterministic policy-as-code gates (no discretionary approvals).
Data Loss Prevention (DLP):
ā¢ Implement source-level PHI/PII and secret detection using regex + ML classifiers in CI/CD to block sensitive data from ever entering source control or artifacts.
API & Transport Security:
ā¢ Define non-negotiable Layer 7 standards (TLS 1.3, HSTS, OAuth/OIDC, JWT lifetimes) and automate OpenAPI linting to prevent over-exposure or data leakage.
Data Protection Patterns:
ā¢ Build and maintain application-layer encryption, tokenization, and redaction libraries that are consumed by product teams by default.
Supply Chain Security:
ā¢ Generate SBOMs per build, sign and attest artifacts, and enforce provenance verification at deploy time via pipeline policy.
Minimum Qualifications
ā¢ 5+ years in AppSec or Software Engineering with data-centric security ownership.
ā¢ Hands-on with GitHub Actions, secret prevention tooling, API security, and OAuth/OIDC.
ā¢ Proficient in Python, Go, or TypeScript with strong developer empathy.
Success Measures
ā¢ ā„90% of repos protected by automated DLP and secret scanning
ā¢ 100% APIs conforming to standardized auth and transport patterns
ā¢ Measurable reduction in high/critical application-layer findings
Apply tot his job
Apply To this Job