[Remote] Staff Product Security Engineer - Customer Platform
Note: The job is a remote job and is open to candidates in USA. Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. They are seeking a seasoned Staff Product Security Engineer to ensure the security of their systems, cloud infrastructure, products, and data while collaborating with cross-functional teams to design and deliver secure solutions.ResponsibilitiesDefine and evolve product security architecture and strategy for Valonβs multi-tenant SaaS platformArchitect and guide secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)Build and maintain security reference architectures and standardized secure design patterns for product teamsLead threat modeling, security design and code reviews for new features, services, and major architectural changesCollaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risksSupport vulnerability triage, remediation strategy, and root cause analysis for product security issuesSupport security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligenceDevelop, implement, and enforce security policies, standards, and proceduresSupport operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processesSkills8+ years in progressive senior security engineering or architect level roles, with 3+ years leading security design for enterprise-grade cloud and SaaS platformsBachelor's degree in Information Security, Computer Science, Technology or related fieldRelevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)Hands-on experience with modern security technologies and tooling across cloud and application securityExtensive experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilitiesStrong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred)Proven experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs)Expertise in designing secure platform controls (e.g., APIs, service-to-service auth, encryption/KMS/CMEK, logging/monitoring)Demonstrated ability to build and maintain security reference architecturesExpert-level experience leading threat modeling and security design reviews including security-focused code reviewsApplied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independentlyExcellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholdersPrior software engineering experience and/or coding ability (Python) is preferredExperience working in high-growth or startup environments is a plusBenefitsCompetitive salary with a meaningful stake in the company via equity, and 401k planComprehensive medical, dental, & vision benefitsPre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenientCompany wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedbackQuarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!Flexible paid time off, sick days, and 11 company holidays12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest additionCompany OverviewValon: the AI-native operating system for mortgage servicing. Building a better foundation for the American Dream. It was founded in 2019, and is headquartered in New York, New York, USA, with a workforce of 201-500 employees. Its website is https://www.valon.com.Company H1B SponsorshipValon has a track record of offering H1B sponsorships, with 2 in 2026, 10 in 2025, 8 in 2024, 1 in 2023, 1 in 2022. Please note that this does not guarantee sponsorship for this specific role.