Principal Product Security Engineer


New York
USD250000 - USD350000
PR/566367_1761575100

Glocomms is partnered with a small, high-growth FinTech firm in New York City to hire a Principal Product Security Engineer. This firm is building secure, scalable infrastructure for Bitcoin investing and digital asset management and currently holds a multi-billion-dollar valuation. The Principal Product Security Engineer will be a hands-on technical leader responsible for building and integrating security directly into the firm's core infrastructure and product stack.

Note: This is not a governance or oversight role; it's an engineering-first position for someone who thrives in code, understands systems deeply, and can design secure solutions that scale across cloud-native environments.

Primary Responsibilities

  • Write production-grade code to build security tooling, automate testing, and integrate controls into CI/CD pipelines.
  • Conduct deep, hands-on code reviews across the product stack to identify security vulnerabilities, enforce secure design patterns, and guide engineering teams toward best practices.
  • Architect and implement cloud security solutions, including hardened configurations, IAM policies, and network controls.
  • Lead threat modeling and risk assessments for new features, infrastructure changes, and deployments.
  • Develop and maintain automated security testing frameworks and integrate them into developer workflows.
  • Collaborate with engineering teams to embed DevSecOps practices and shift security left in the development lifecycle.
  • Own vulnerability management processes, including scanning, triage, and remediation strategies.

Key Qualifications

  • 8+ years of experience in product or application security, with a strong background in software engineering.
  • Proficiency in at least two of the following languages: Python, Java, Golang.
  • Deep understanding of cloud security architecture (AWS, GCP, or Azure), including infrastructure-as-code and secure deployments.
  • Experience building and integrating security tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, CircleCI).
  • Strong knowledge of application security principles, threat modeling, and secure design patterns.
  • Hands-on experience with vulnerability scanning tools, SAST/DAST, and automated testing frameworks.
  • Ability to assess risk and implement scalable mitigation strategies with measurable impact.

Additional Information

  • Location: Fully onsite in New York City - candidates must be able to work onsite 5 days per week.
  • Compensation: Competitive base salary up to $300,000-$350,000/year, plus equity.
  • This is a high-impact, high-autonomy role with direct access to engineering leadership and the opportunity to shape the security posture of a fast-moving FinTech platform.

FAQs

Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your resume and details on file so when we see similar roles or see skillsets that drive growth in organizations, we will always reach out to discuss opportunities.

Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.

We also work in several ways. First, we advertise our available roles on our site; however, due to confidentiality, we often may not post all of them. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.

That's why we recommend registering your resume so you can be considered for roles that have yet to be created. 

Yes, we help with resume and interview preparation. From customized support on how to optimize your resume to interview preparation and compensation negotiations, we advocate for you throughout your next career move.