Senior Product Security Analyst

Overview We are seeking a highly capable and pragmatic Senior Product Security Analyst to safeguard our products, platforms, and customers as we scale. This is a senior individual contributor role with clear accountability and decision-making authority, responsible for independently identifying, assessing, and driving resolution of security risks across the product lifecycle. Reporting to the Director, Product Security, you will act as the primary application and product security owner for assigned products, partnering closely with engineering, product management, cloud, and platform teams. You will embed application-focused security practices into design and delivery, exercise sound technical and risk judgment in release decisions, and play a key role in advancing the maturity, consistency, and resilience of our product security capabilities in a fast-growing environment.

Responsibilities

Act as the primary application and product security partner for assigned products and services, owning end-to-end security reviews from design through release

Lead application-focused security assessments, including architecture reviews, threat modeling, and secure design validation for APIs, microservices, and SaaS platforms

Independently assess security risk and approve, delay, or block releases when required, escalating decisions where business urgency or customer commitments necessitate alignment

Provide authoritative, risk-based guidance to engineering teams, helping them understand not just what needs to be fixed, but also include security and risk context

Application Security & Vulnerability Management

Own vulnerability triage and prioritization for assigned products, ensuring findings are contextualized based on exploitability, exposure, and business impact

Interpret results from application security testing activities (SAST, DAST, SCA, manual reviews), translating technical findings into actionable remediation guidance

Monitor relevant external threats, attack techniques, and vulnerability trends, proactively assessing applicability to products and platforms

Support investigation and remediation of product- and application-related security incidents

Secure SDLC & Platform Enablement

Partner with engineering, platform, and cloud teams to embed secure-by-design practices into the SDLC, with a strong emphasis on application-layer controls

Apply hands-on technical judgment to validate engineering assumptions, challenge risk decisions, and ensure security controls are implemented effectively

Contribute to the evolution of application security standards, guardrails, and review practices that scale across multiple product teams

Compliance & Assurance Support

Support alignment of application and product security practices with applicable frameworks such as PCI DSS and GDPR, focusing on practical security outcomes rather than checkbox compliance

Translate internal controls into actionable engineering requirements and support evidence collection for audits and assessments as needed

Coordinate and support penetration testing, bug bounty programs, and third-party security assessments, ensuring timely remediation and risk closure

Collaboration, Influence & Maturity Growth

Build trusted, durable relationships with product, engineering, cloud, platform, and CGRC teams

Clearly articulate security risk, trade-offs, and remediation options to both technical and non-technical stakeholders

Contribute to the long-term maturity of the product and application security program through pattern recognition, continuous improvement, and shared learning

Requirements

5+ years of experience in application security, product security, or a closely related domain

Strong practical understanding of secure SDLC, application security principles (e.g., OWASP Top 10), threat modeling, vulnerability management, and security risk assessment

Demonstrated experience owning end-to-end security reviews for applications or products, including release decision support

Hands-on familiarity with application security testing approaches (SAST, DAST, SCA), with the ability to interpret findings and assess real-world risk

Experience working with cloud-native SaaS environments, preferably AWS, including API driven and microservice based architectures

Working knowledge of PCI DSS and GDPR, with experience translating security and compliance requirements into engineering practices

Ability to apply independent technical and risk judgment, including challenging assumptions and driving remediation

Strong communication skills, capable of engaging both engineers and business stakeholders

Experience working in agile or iterative development environments

Strong verbal and written communication skills in English

Willingness to collaborate across distributed teams and time zones with reasonable flexibility

Nice to have

Bachelor's or Master’s degree in Computer Science, Information Security, or a related technical field

Relevant certifications such as CCSP, CSSLP, AWS Certified Security, or AWS Solutions Architect

Experience with manual application security testing, secure design reviews, or API security analysis

Exposure to customer-facing SaaS platforms with regulatory or data protection requirements

Familiarity with AI-enabled or data-intensive systems, including emerging application security and privacy considerations

Experience contributing to the evolution of security standards, review patterns, or guardrails across multiple teams or products

Background in quickly evolving organizations that rapidly scale and mature security and compliance practices

Benefits

Fixed compensation

Long-term employment with the working days vacation

Development in professional growth (courses, training, etc)

Being part of successful cutting-edge technology products that are making a global impact in the service industry

Proficient and fun-to-work-with colleagues

Apple gear

Omilia is proud to be an equal opportunity employer and is dedicated to fostering a diverse and inclusive workplace. We believe that embracing diversity in all its forms enriches our workplace and drives our collective success. We are committed to creating an environment where everyone feels welcomed, valued, and empowered to contribute their unique perspectives without regard to factors such as race, color, religion, gender, gender identity or expression, sexual orientation, national origin, heredity, disability, age, or veteran status, all eligible candidates will be given consideration for employment.

#J-18808-Ljbffr