Product Security Engineer
US - Remote
Kustomer
With Kustomer, deliver faster, richer experiences to your customers with omnichannel messaging, a unified customer view, and AI-powered automations.
About Kustomer
Kustomer is the industry-leading conversational CRM platform perfecting every customer experience. Built with intelligent tools such as AI and Automation, no-code configuration and a connected data platform that unifies data from multiple sources through a single timeline, Kustomer empowers businesses to operate with greater efficiency and deliver more personalized service to customers across any channel, making every interaction more meaningful and memorable. Today, Kustomer is the core platform for some of the leading customer service brands like Ring, Glovo, Away Travel, Priceline and Sweetgreen.
Kustomer was founded in 2015 by serial entrepreneurs Brad Birnbaum and Jeremy Suriel and has raised over $200M in funding backed by leading VCs. Meta announced its intention to acquire Kustomer in 2020 and completed the transaction in 2022. Kustomer joined Meta’s Business Messaging Group to transform the way people and businesses communicate through modern messaging channels. In 2023, Kustomer spun out from Meta as a standalone company backed by original partners, Battery, Redpoint and Boldstart Ventures, who have invested $60M in capital, ensuring Kustomer’s growth and success for many years to come.
Our Krew is made up of passionate and collaborative people who really care about what they do and the people they help. We look for people who are passionate about enhancing the customer service experience for everyone involved, as it's the core of what we do. We're growing our business with no plans of slowing down. We actively seek individuals who want to learn and be challenged every day. We have also transitioned to a remote-friendly company, with Krew members located throughout the U.S. coming together for Kamp Kustomer each year.
About the Role
Kustomer is looking for a highly skilled Product Security Engineer with a robust technical background, exceptional problem-solving abilities, and comprehensive expertise in product security. This pivotal role involves crafting and executing security strategies to safeguard our products and customers against cyber threats and collaborating closely with a team of proficient engineers. This role is not just about mitigating risks; it's about setting industry standards for product security, fostering a secure development lifecycle, and ensuring that security is an integral part of our product design and deployment process. Join us in our mission to deliver a secure Customer Experience, shaping the future of product security at Kustomer.
What You’ll Do:
Take a lead role in formulating and deploying security measures to fortify Kustomer against cyber threats.
Proactively hunt for potential vulnerabilities within our product, product designs and codebases, collaborating with our team to develop robust solutions that effectively mitigate risks and rectify security weaknesses.
Keep abreast of emerging security trends, technologies, and practices, leveraging this knowledge to continuously enhance Kustomer's product security posture.
Champion product security within the organization by utilizing your technical skills to maintain security documentation, enforce coding standards, and lead security training, thereby promoting a culture of security awareness and a proactive approach to safeguarding our offerings.
Analyze security logs and reports meticulously, identifying and addressing security incidents swiftly.
Collaborate with vendors and internal product and engineering teams to identify and prioritize security threats, ensuring they are effectively addressed from the early stages of product development to retrospective evaluations.
Conduct detailed risk assessments and formulate strategies to mitigate risks for new and existing products.
Serve as a subject matter expert for cybersecurity solutions, procedures, and implementation across product lines.
Manage incident response situations and provide expert consultation on security lifecycle and technical assessments.
Write clean, maintainable, and well-documented code following best practices and coding standards.
Assist in security forensic investigations.
Your Qualifications:
5+ years of software development + security experience with significant experience in security architecture design and review.
Strong proficiency in one of the modern server-side languages such as Java, Go, Python, JavaScript (React/Node.js).
Strong understanding of software engineering principles, design patterns, and best practices for building scalable and maintainable code.
Experience in building web applications using React.js or similar frontend frameworks.
Experience with RESTful API development, integrating with external services and databases.
Familiarity with AWS and experience with cloud services like AWS Lambda or Firebase.
Familiarity with Github and CI/CD pipelines and automation tools for building, testing, and deploying applications.
Ability to diagnose and debug complex issues, optimize application performance, and identify areas for improvement
Experience in cloud security, including knowledge of current and emerging threats.
Strong interpersonal skills, with an ability to work independently or cross functionally as part of a remote team.
Experience with data protection & archiving, disaster recovery, business continuity, and implementing security measures.
Proven project management familiarity with Agile methodologies and working in an agile team environment
You proactively identify challenges & opportunities
Ability to clearly communicate technical concepts and project information to both technical and non-technical audiences
Nice To Have:
You have Github activity showing thoughtful, relevant contributions
Strong Proficiency in AWS services such as EC2, S3, Lambda, API Gateway, and CloudFormation.
Strong understanding of NoSQL databases, particularly MongoDB, including data modeling and query optimization.
Experience with testing frameworks and methodologies (e.g., Jest, Mocha, Selenium) and a focus on code quality through unit testing and integration testing.
Familiarity with containerization technologies like Docker and container orchestration frameworks like Kubernetes.
Familiarity with HTML, CSS, and front-end development principles, including responsive design and cross-browser compatibility.
Familiarity with authentication and authorization mechanisms (e.g., OAuth, JWT).
Experience in a crowdsourced vulnerability program.
HIPAA Compliance
All roles at Kustomer may involve handling sensitive personal data.
Benefits
Kustomer offers an array of benefits including competitive salaries, stock options, 100% healthcare coverage, 401K, WiFi and Mobile reimbursement, and a generous vacation policy.
Diversity & Inclusion at Kustomer
Kustomer is committed to bringing together individuals from different backgrounds and perspectives.
We strive to create an inclusive environment where everyone can thrive, feel a sense of belonging, and do great work together. We are proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, Veteran status, or any other legally protected status.
Disclaimer: Kustomer only contacts candidates from company email addresses ending in kustomer.com and does not seek funds from candidates in any circumstances.