Senior Product Security Engineer

Mirantis is seeking a Senior Product Security Engineer to help secure our portfolio of products and services including enterprise software and critical infrastructure. This role is part of our growing Product Security program and will play a key role in implementing security controls driving remediation efforts supporting compliance initiatives and partnering with engineering teams to ensure a secure software development lifecycle.

As a Senior Product Security Engineer you will work closely with engineering security operations and compliance teams to reduce risk across Mirantis products. You will have the opportunity to shape security strategy automate controls and ensure security is embedded into every stage of product development and operations.

Key Responsibilities

Secure Products & Infrastructure:

• Design implement and maintain security controls across applications infrastructure and CI/CD pipelines.

• Embed security requirements aligned with SOC 2 ISO 27001 and internal standards.

• Drive adoption and operationalization of SAST DAST container scanning IaC security and dependency analysis tooling.

• Integrate automated security testing into the SDLC to enable secure-by-design development.

Offensive Security & Vulnerability Management:

• Lead application security reviews threat modeling vulnerability assessments and penetration testing.

• Validate and prioritize findings based on exploitability and business impact.

• Partner with engineering teams to ensure timely measurable remediation.

• Proactively identify and demonstrate security weaknesses to improve overall product resilience.

Incident Response & Risk Reduction:

• Support investigation of product and infrastructure security incidents.

• Contribute to root cause analysis and durable remediation strategies.

• Identify systemic control gaps and implement long-term risk mitigation measures.
   

Compliance & Assurance:

• Support product-level security reviews and audit activities.

• Coordinate evidence collection and control validation for SOC 2 ISO 27001 and enterprise requirements.

• Translate compliance requirements into actionable engineering controls.

Cross-Product Security Leadership:

• Develop and maintain security expertise across multiple Mirantis products.

• Standardize security practices and tooling across teams.

• Strengthen program scalability and reduce single-point-of-failure risk.

Security Advocacy & Enablement:

• Champion secure design principles and modern application security practices.

• Provide actionable guidance during architecture and code reviews.

• Drive continuous improvement and automation across the SDLC.

Qualifications :

• 5 years of experience in product security application security or security engineering.

• Strong knowledge of common vulnerabilities (OWASP Top 10 SANS Top 25) and secure development practices.

• Demonstrated experience with manual penetration testing threat modeling and exploitation techniques.

• Hands-on experience with security tooling and automation including:

  • SAST / DAST tooling and CI/CD integration

  • Container image scanning (e.g. Trivy Grype Anchore)

  • IaC security (e.g. Terraform Helm KICS Checkov)

  • Dependency and software supply chain security tools

• Experience with vulnerability management platforms and remediation workflows.

• Experience working with containerized environments Kubernetes and cloud platforms.

• Proven ability to integrate and automate security controls within CI/CD pipelines.

• Strong collaboration and communication skills across engineering and product teams.
  Experience supporting SOC 2 ISO 27001 or similar compliance frameworks.

• Relevant certifications (OSCP OSEP OSWE GPEN GWEB GWAPT GCSA) strongly preferred.

• Proficiency in scripting or programming (Go Python or similar) is a plus.

Additional Information :

What does Mirantis offer you

• Work with an established Silicon Valley leader in the cloud infrastructure industry.

• Work with exceptionally passionate talented and engaging colleagues helping Fortune 500 and Global 2000 customers implement next-generation cloud technologies.

• Be a part of cutting-edge open-source innovation.

• Thrive in the high-energy environment of a young company where openness collaboration risk-taking and continuous growth are valued.

• Receive a competitive compensation package with strong benefits plan

We are a Leader for Container Management in G2 (#2 after AWS)!

Remote Work :

Yes

Employment Type :

Full-time