Staff Security Engineer, Product Security

Attentive® is the AI-powered mobile marketing platform transforming the way brands personalize consumer engagement. Attentive enables marketers to craft tailored journeys for every subscriber, driving higher recurring revenue and maximizing campaign performance. Activating real-time data from multiple channels and advanced AI, the platform personalizes content, tone, and timing to deliver 1:1 messages that truly resonate.

With a top-rated customer success team recognized on G2, Attentive partners with marketers to provide strategic guidance and optimize SMS and email campaigns. Trusted by leading global brands like Neiman Marcus, Samsung, Wayfair, and Dyson, Attentive ensures enterprise-grade compliance and deliverability, supporting trillions of interactions across more than 70 industries. To learn more or request a demo, visit www.attentive.com or follow us on LinkedIn, X (formerly Twitter), or Instagram.

Attentive’s growth has been recognized by Deloitte’s Fast 500, Linkedin’s Top Startups and Forbes Cloud 100 all thanks to the hard work from our global employees!

About the Role

We are looking for an experienced and versatile security engineer who brings both technical acumen and a developer mindset to their work. Our ideal candidate is motivated by helping to reduce risk while enabling the business to move quickly and safely. You will be a key member of the Security Engineering team, which carries the responsibility for the security of Attentive’s platform (we work in AWS) and customer-facing products (we build microservices primarily in Java). Practically, this spans a broad gamut of building and/or operating tools to secure our code and underlying systems from development to delivery, to detect and respond to abnormal behaviors, and to provide security testing and guidance to colleagues as they architect new systems and features.

As part of this team and in this role, you will lead our product and application security program, serving as the key player in our organization for guidance and action on making our product more secure for our clients. You’ll find yourself working with a group of other talented security professionals of various backgrounds with a shared goal to shape the future of Attentive’s security program and provide a positive impact for the company and its customers.

Approach

At Attentive, we believe interacting with our security team and security controls should feel delightful and straightforward. Thus, the person in this role needs:

- A creative and solution-oriented attitude. You’ll leverage this when finding solutions that work for all stakeholders.

- The patience to fully understand developer teams’ processes and goals. You’ll need this so you can implement thoughtful, complementary security solutions.

- The ability to build automation into security processes. You’ll need this to reduce the security burden on our partner teams and support extremely rapid growth across the company.

• Architecture Design & Code Reviews: Perform secure design reviews, testing and code reviews of new systems and product features. Look for common security flaws such as injection attacks, cross-site scripting (XSS), and insecure configurations
• Automation & Tooling: Design, develop, implement and maintain tools to secure our code and underlying systems from development to delivery. This includes code scanning, dependency management, security testing, and CI/CD pipeline integration
• Engineering Support: Provide hands-on support to engineers to deploy security solutions, integrate security processes, harden services and remediate vulnerabilities - including encryption, authentication, authorization and input validation
• Threat Modeling: Lead the development of comprehensive threat models for new and existing products and infrastructure to identify, assess, and mitigate security risks
• Vulnerability Management: Establish and manage a vulnerability management lifecycle for our applications, ensuring timely detection, reporting, and remediation of security vulnerabilities
• Security Guidance: Establish secure coding practices and provide continuous security guidance to developers across engineering
• Documentation: Responsible for developing and maintaining security documentation and reports derived from penetration testing activities and product security tools

• 7+ years of experience in Security with a focus in application/product security, with deep knowledge of web application technologies, identifying and remediating common vulnerabilities in code, the modern threat landscape for attack vectors, and commensurate cloud security fundamentals
• Proven knowledge and experience in building and automating processes, such as static code analysis using Semgrep, to make a positive impact in how code is shipped, not just a checkbox activity
• In-depth knowledge of common application & network protocols, cryptography, authentication & authorization protocols, and common security threats and attack techniques
• Bonus if you are well-versed in Java vulnerabilities or Gradle dependency management, and/or have experience in Kubernetes/container security
• Demonstrated impact in prior roles as a senior individual contributor or team leader to independently deliver impact for a security program through your own contributions and by influencing change through others
• Strong experience coding and reviewing code with one of these languages: Java, Python, Golang
• Bonus if you have experience working in AWS and deploying infrastructure as code 
• Skilled at communicating complex technical ideas, risks and threats to non-technical audiences

You'll get competitive perks and benefits, from health & wellness to equity, to help you bring your best self to work.

For US based applicants:

- The US base salary range for this full-time position is $200,000 - $260,000 annually + equity + benefits

- Equity is a substantial part of the total compensation package

- Our salary ranges are determined by role, level and location

#LI-MDK1

Attentive Company Values

Default to Action - Move swiftly and with purpose

Be One Unstoppable Team - Rally as each other’s champions

Champion the Customer - Our success is defined by our customers' success

Act Like an Owner - Take responsibility for Attentive’s success

Learn more about AWAKE, Attentive’s collective of employee resource groups.

If you do not meet all the requirements listed here, we still encourage you to apply! No job description is perfect, and we may also have another opportunity that closely matches your skills and experience.

At Attentive, we know that our Company's strength lies in the diversity of our employees. Attentive is an Equal Opportunity Employer and we welcome applicants from all backgrounds. Our policy is to provide equal employment opportunities for all employees, applicants and covered individuals regardless of protected characteristics. We prioritize and maintain a fair, inclusive and equitable workplace free from discrimination, harassment, and retaliation. Attentive is also committed to providing reasonable accommodations for candidates with disabilities. If you need any assistance or reasonable accommodations, please let your recruiter know.