Skip to main content

Collective

Product Security Engineer

San Francisco (Remote)$170k–$200kfulltimemidAdded today

About this role

Collective seeks a Product Security Engineer to architect an AI-driven application security program that automates vulnerability detection and remediation across a fintech platform. You'll combine SAST, DAST, and SCA tools with LLM-based triage and code-level fixes to eliminate vulnerability classes rather than patch individual instances, working closely with product teams on a platform handling sensitive financial data.

What you'll do

  • Design and operate an agentic appsec pipeline integrating SAST, DAST, and SCA into CI/CD with LLM-powered triage and automated PR security review
  • Drive end-to-end vulnerability remediation: triage findings, route fixes to teams, track closure against SLAs, and verify fixes
  • Ship secure defaults, paved-path libraries, and framework-level fixes to eliminate root causes of vulnerability classes
  • Lead threat modeling and security reviews for new features, automating the practice so threat models evolve with the system
  • Tune the agentic pipeline for signal quality: refine rules, optimize prompts, reduce false positives
  • Stay current on fintech-relevant vulnerabilities and translate landscape insights into concrete program improvements

What they're looking for

  • Application security (SAST, DAST, SCA tools: Semgrep, CodeQL, Burp Suite, OWASP ZAP)
  • CI/CD integration and automation
  • LLM and AI agent prompt engineering and workflow design
  • Python/Django development and production codebase navigation
  • Vulnerability assessment and threat modeling
  • Cross-team remediation leadership without direct authority
  • Fintech and financial data security considerations
  • Security vulnerability classification and severity assessment

Benefits

  • Hybrid work model based in San Francisco with in-office and remote flexibility
  • Fresh lunch provided on in-office days
  • Commuter support: $150 monthly transit reimbursement
Apply on the employer's site

Opens the official application on the employer’s site. No login required.

Collective

Collective builds an accounting platform designed to serve self-employed individuals and small businesses, with features including banking integrations, transaction pipelines, and reconciliation systems. The company is hiring fullstack and junior software engineers to develop and scale their financial products platform.

View all jobs at Collective

Likely interview questions

  • Walk us through a time you reduced vulnerability noise from a security scanner—what tactics did you use to improve signal quality and how did you measure success?
  • Describe your hands-on experience with LLMs or AI agents in security work. How have you evaluated whether an agentic approach actually improved your team's security posture?