As a Paranoids Product Security Engineer, you have the opportunity to guide secure development for a product area and, in addition, to own and drive secure development initiatives affecting the overall enterprise. The role involves performing hands-on web and/or mobile application security assessments, identifying vulnerabilities, and recommending mitigations. You will also assist with code reviews, design reviews, and security testing for new features and releases.
Requirements
- 3 years of experience in application or product security, or in a related engineering discipline (backend, frontend, or mobile development) with a focus on secure design.
- Experience securing web and mobile applications, including performing code reviews, threat assessments, and vulnerability triage.
- Solid understanding of web security fundamentals — authentication, authorization, input validation, session management, encryption, and secure communications.
- Familiarity with common vulnerabilities and exposures (OWASP Top 10, CWE) and mobile application threats (MASVS, reverse engineering, insecure storage, API misuse).
- Hands-on experience using and tuning security testing tools such as SAST, DAST, dependency scanners, and mobile app assessment tools.
- Ability to work with developers to analyze findings, provide actionable remediation guidance, and validate fixes.
- Comfortable writing or reviewing code in one or more languages (e.g., Java, JavaScript/TypeScript, Python, Go, Swift, or Kotlin).
- Understanding of CI/CD security integration and secure development practices.
- Familiarity with API security concepts and basic knowledge of securing cloud-based applications.
- Strong communication skills — able to document findings, explain risk to engineers, and collaborate effectively with cross-functional teams.
Benefits
- Flexible-hybrid work approach
- Equal opportunity workplace
- Dedicated to providing an accessible environment for all candidates and employees