Product Security Engineer
Puppet
Position Summary:
As a Product Security Engineer, you will partner closely with developers to identify, triage, and drive remediation of security vulnerabilities across our products. This hands-on role owns vulnerability triage across sources such as customer reports, security researchers, automated scanning tools, and penetration tests, and helps teams assess risk, prioritize fixes, and improve overall security posture. You will also use AI tools to accelerate analysis, while supporting security reviews, threat modeling, and secure development practices across both the SDLC and emerging AI-assisted development workflows. Success in this role requires strong attention to detail, curiosity to research new technologies, and effective collaboration with development teams. You will provide clear, actionable security feedback that helps teams improve efficiency and outcomes. You’ll thrive here if you’re proactive, resourceful, and eager to learn, with a focus on enabling teams to build secure, resilient products.
Responsibilities::
- Vulnerability Assessment & Remediation
- Review and triage vulnerabilities from multiple sources including customer-reported issues, security researchers, automated scanning tools, and penetration testing results
- Assess severity and potential impact, including CVEs and third-party component risks
- Partner with developers to explain findings in clear terms, identify root causes, and drive timely remediation
- Track and validate fixes
- Developer Collaboration
- Work closely with engineering teams to integrate security into daily workflows
- Support developers in understanding secure coding practices and common vulnerability patterns
Don't want to miss the next one?
Subscribe to daily email alerts for roles matching your interests.