Senior Product Security Engineer
Redis
Who we are
We're Redis. We built the product that runs the fast apps our world runs on. (If you checked the weather, used your credit card, or looked at your flight status online today, you’re welcome.) At Redis, you’ll work with the fastest, simplest technology in the business—whether you’re building it, telling its story, or selling it to our 10,000+ worldwide customers. We’re creating a faster world with simpler experiences. You in?
Why would you love this job
As a Senior Product Security Engineer with us, you'll be at the forefront of application security innovation. You'll combine your passion for hacking methodologies with cutting-edge security technologies to protect our software products. This role offers the perfect blend of hands-on technical work and strategic impact. You'll dive deep into code across multiple languages to uncover hidden vulnerabilities and conduct penetration testing that directly strengthens our application defenses.
You'll leverage industry frameworks like OWASP for secure application development and MITRE ATT&CK for understanding cloud-based attack patterns. Working directly with engineering teams, you'll embed security throughout the software development lifecycle and shape how we build secure applications from the ground up.
Beyond the technical challenges, you'll mentor talented developers on secure coding practices and drive application security culture across the organization. You'll have the freedom to explore emerging application threats and security technologies through our comprehensive professional development support.
If you're driven by curiosity and want to make a meaningful impact protecting applications used by thousands of users, this role offers the perfect environment to advance your application security expertise while working with a team that values innovation and continuous learning.
What you’ll do
Security Architecture & Design
-
- Design and implement security controls and frameworks for product development
- Conduct security architecture reviews and threat modeling for new features and products
- Collaborate with engineering teams to integrate security requirements into product roadmaps
- Develop and maintain security standards, guidelines, and best practices
Code Security & Assessment
-
- Perform comprehensive security code reviews across multiple programming languages
- Conduct penetration testing and vulnerability assessments on applications and infrastructure
- Analyze security findings from automated scanning tools and drive their remediation
- Lead the vulnerability disclosure processes
Security Tooling & Process
-
- Implement and optimize Static Application Security Testing tools and workflows
- Deploy and manage Dynamic Application Security Testing solutions
- Oversee Software Composition Analysis for third-party dependency management
- Build security metrics, dashboards, and reporting capabilities
Collaboration & Communication
-
- Contribute to security compliance and governance efforts
- Partner with development teams to provide security guidance and training
- Present security findings and recommendations to technical and executive stakeholders
- Mentor security champions and foster security culture across engineering
- Stay current with emerging threats, security technologies, and industry best practices
What will you need to have?
Technical Expertise
-
- Proficiency in multiple programming languages including Java, C, and Python
- Extensive experience conducting security code reviews and identifying vulnerabilities
- Ability to read and understand code to identify security flaws and antipatterns
- Understanding of secure software development concepts and their application to Secure Software Development Lifecycle
- Hands-on experience with penetration testing methodologies and tools
- Deep understanding of cloud technologies and major cloud service providers (AWS, Azure, GCP)
- Proven experience implementing and/or managing SAST, DAST, and SCA security tools
- Experience with container security and orchestration platforms (Docker, Kubernetes)
Professional Skills
-
- Strong verbal communication skills with fluency in English
- Ability to translate complex security concepts into actionable recommendations
- Experience working collaboratively with cross-functional engineering teams
- Demonstrated curiosity and commitment to staying current with cutting-edge security technologies
Adversarial Security Expertise
-
- Interest in and knowledge of hacking tactics, techniques, and procedures (TTPs)
- Familiarity with the MITRE ATT&CK framework and its practical applications
- Ability to operate with an adversarial mindset and think like an attacker
- Experience with common hacking tools and exploitation techniques
Experience Requirements
-
- 5+ years of experience in product security, application security, or related field
- Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience
Extra great if you have:
- Knowledge of Redis products and in-memory database security considerations
- Active participation in Capture The Flag (CTF) competitions
- Experience with DevSecOps practices and CI/CD pipeline security integration
- Background in security research, vulnerability disclosure, or bug bounty programs
- Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI DSS)
Our culture is what makes Redis a fun and rewarding place to work. To support you at work and beyond, we offer all our US team members fantastic benefits and perks:
- Competitive salaries and equity grants
- Unlimited time off to promote a healthy work-life balance
- H/D/V coverage along with 401K, FSA, and commuter benefits
- Frequent team celebrations and recreation events
- Home internet & phone stipend
- Learning and development opportunities
- Ability to influence a high-performance company on its way to IPO
The estimated gross base annual salary range for this role is $120,000 – $145,000 per year in New York, California, Washington, Colorado, and Rhode Island. Actual compensation may vary and is dependent on various factors, including a candidate’s work location, qualifications, experience, and competencies. Base annual salary is one component of Redis’ total compensation and competitive benefits package, which may include 401(k), unlimited time off, learning and development opportunities, and comprehensive health and wellness benefits. This role may include discretionary bonuses, stock options, commuter benefits based on location, or a commission plan. Salary history is not used in compensation package decisions. Redis utilizes market pay data to determine compensation, so posted compensation ranges are subject to change as new market data becomes available.
#LI-AB1