Careportal inc.

Product Security Engineer

USA Full Time

Our healthcare system is the leading cause of personal bankruptcy in the U.S. Every year, over 50 million Americans suffer adverse financial consequences as a result of seeking care, from lower credit scores to garnished wages. The challenge is only getting worse, as high deductible health plans are the fastest growing plan design in the U.S.

Cedar’s mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. Today, healthcare providers still engage with their consumers in a “one-size-fits-all” approach, and Cedar is excited to leverage consumer best practices to deliver a superior experience.

The Role:

Security at Cedar isn’t about saying "no"—it’s about building the "yes."

We are looking for a Product Security Engineer who is an engineer at heart. You won’t run scans and file tickets; you will write code, build infrastructure, and ship internal products that make the secure path the easiest path for our developers.

You will act as a pragmatic partner to our Maker teams, helping them ship high-value features safely without sacrificing velocity. You will solve for high-risk, high-value workflows across product, infrastructure, and integrations.

What You’ll Solve: here is an example of a project that a current Product Security Engineer in this role recently shipped:

  • Problem: 
    • Developers needed to troubleshoot a workflow and could only reproduce the problem if the logs were updated to include otherwise access-restricted, sensitive data. 
    • Putting sensitive data into logs is risky, and the status quo involved tracing identifiers through multiple systems until the sensitive data could be safely retrieved. This was labor intensive and slow, while patients felt the pain of our delays.
  • Solution: Instead of saying 'no', we built a reusable, custom logger that could safely accommodate sensitive data. It can be enabled temporarily, and the logs it produces can be stored and analyzed safely.
  • Impact: They partnered with a product team as an early beta tester to solve a concrete friction point. The system increased developer velocity and improved our security posture by removing the temptation for developers to log sensitive information.

What You’ll Do

  • Build Security Tooling: Shift into a development role to architect robust tools in Terraform, Bash, Go, or Python. You’ll use gRPC, GraphQL, and HTTP to build automation that eliminates manual security toil and developer pain.
  • Architect for Scale: Grab pairing time with product engineers to co-design features across Cedar. You will help bake security in at the design phase, not bolt it on at the end.
  • Pave the Road: Review Infrastructure-as-Code (Terraform) and IAM roles, not just to find flaws, but to offer code-ready improvements that educate developers and streamline future deployments.
  • Advise, Don't Block: Serve as a trusted advisor. When you find a vulnerability, you don’t just report it—you help scope the fix based on a pragmatic understanding of the risk and the business context.

About You

  • You are a developer first: You have substantial experience in software development and are comfortable writing production-ready code (we use Python and Go, but we welcome all backgrounds).
  • You are pragmatic: You understand that "perfect" security doesn't exist. You can weigh security risks against business goals and communicate trade-offs effectively to non-security stakeholders.
  • You are proactive: You don't wait for a ticket. You look for patterns in vulnerabilities and build systemic fixes or libraries to prevent entire classes of bugs.
  • You know the cloud: You have deep familiarity with AWS infrastructure best practices, IAM, and containerization.
  • You are a teacher: Your default setting is collaborative, not combative. You're excited about enabling software developers.

Bonus Points

  • Experience creating developer-focused security libraries or CLI tools.
  • Familiarity with HIPAA, PCI, or securing fintech/payment data.
  • Participation in CTFs, bug bounties, or open-source security contributions.

Applicants must be currently authorized to work in the United States on a full-time basis.

Compensation Range and Benefits

  • Salary/Hourly Rate Range*: $157,250 - $185,000
  • This role is equity eligible
  • This role offers a competitive benefits and wellness package

*Subject to location, experience, and education

What do we offer to the ideal candidate?

  • A chance to improve the U.S. healthcare system at a high-growth company! Our leading healthcare financial platform is scaling rapidly, helping millions of patients per year
  • Unless stated otherwise, most roles have flexibility to work from home or in the office, depending on what works best for you
  • For exempt employees: Unlimited PTO for vacation, sick and mental health days–we encourage everyone to take at least 20 days of vacation per year to ensure dedicated time to spend with loved ones, explore, rest and recharge
  • 16 weeks paid parental leave with health benefits for all parents, plus flexible re-entry schedules for returning to work
  • Diversity initiatives that encourage Cedarians to bring their whole selves to work, including three employee resource groups: be@cedar (for BIPOC-identifying Cedarians and their allies), Pridecones (for LGBTQIA+ Cedarians and their allies) and Cedar Women+ (for female-identifying Cedarians) 
  • Competitive pay, equity (for qualifying roles), and health benefits, including fertility & adoption assistance, that start on the first of the month following your start date (or on your start date if your start date coincides with the first of the month)
  • Cedar matches 100% of your 401(k) contributions, up to 3% of your annual compensation
  • Access to hands-on mentorship, employee and management coaching, and a team discretionary budget for learning and development resources to help you grow both professionally and personally

About us 

Cedar was co-founded by Florian Otto and Arel Lidow in 2016 after a negative medical billing experience inspired them to help improve our healthcare system. With a commitment to solving billing and patient experience issues, Cedar has become a leading healthcare technology company fueled by remarkable growth. Over the past several years, we've raised more than $350 million in funding and have the active support of Thrive and Andreessen Horowitz (a16z).

As of November 2024, Cedar is engaging with 26 million patients annually and is on target to process $3.5 billion in patient payments annually. Cedar partners with more than 55 leading healthcare providers and payers including Highmark Inc., Allegheny Health Network, Novant Health, Allina Health and Providence.