Description:
As a Product Security Specialist II, you will:
- Monitor, triage, and analyze vulnerability findings from commercial and internal tools, distinguishing true positives from false positives and duplicates.
- Assess vulnerability impact in the context of Safe’s products and architectures, and document findings clearly for engineering teams.
- Own vulnerability findings through investigation, prioritization, and handoff to development teams.
- Maintain and update metadata used to track third-party dependencies and software components.
- Conduct security and compliance reviews of third-party libraries and vendor components, including licensing and known risk signals.
- Respond to internal and customer-facing questions regarding vulnerabilities and product security posture.
- Assist with security questionnaires, audits, and other compliance-related inquiries.
- Identify opportunities to improve or automate vulnerability monitoring, triage workflows, and tooling efficiency.
Qualifications, Skills, And Competencies
At Safe Software, we welcome diverse backgrounds and experiences. While not all candidates will have everything listed, the most successful candidates will bring many of the following:
What We’re Looking For
- 1-2 years of experience in product security, application security, or a closely related cybersecurity role.
- Solid understanding of common vulnerability classes and secure development practices (e.g., OWASP Top 10).
- Experience working with vulnerability scanning tools, particularly software composition analysis (SCA) tools.
- Proficiency in Python for automation, tooling, or analysis.
- Strong analytical skills and the ability to interpret noisy or incomplete data.
- Clear communication skills for technical and non-technical audiences.
- A degree in Computer Science, Cybersecurity, Information Technology, or a related field—or equivalent practical experience.
Nice To Have
- Familiarity with compliance frameworks such as SOC 2 or ISO 27001.
- Security certifications (e.g., CISSP, CISM, or similar).
- Experience in SaaS or product-focused engineering environments.