Product Security Research Engineer - Remote / Telecommute
We are looking for a Product Security Research Engineer - Remote / Telecommute for our client in San Jose, CA.
Job Title: Product Security Research Engineer - Remote / Telecommute
Job Location: San Jose, CA
Job Type: Contract
Job Overview:
Pay Range: $96.12/hr - $101.12/hr
Requirement/Must Have:
- 6-9 years of experience in Product Security Engineering, Vulnerability Research, or Offensive Security, with a focus on deconstructing complex software systems.
- A talent for 'Attack Path Thinking', with the ability to identify how a minor logic flaw could lead to a major compromise.
- A strong understanding of software vulnerabilities (logic flaws, memory corruption, auth bypasses) and how they manifest in cloud-native and hybrid-cloud environments.
- Experience or a strong interest in using AI-driven tools to scale security engineering and automate the discovery of sophisticated vulnerability patterns.
- An ability to work as a peer with Architects and Developers, using technical data and research to build consensus on remediation paths.
Responsibilities:
- Partner with Security Architects to identify and technically validate potential exploit sequences.
- Engineer proofs-of-concept to demonstrate how individual vulnerabilities can be linked to create significant product exposure.
- Perform deep-dive technical research to determine the exact 'blast radius' of a vulnerability.
- Identify which products and versions are impacted and what specific data or services are at risk.
- Translate offensive research into preventative measures, providing Engineering teams with the technical evidence and architectural guidance needed to implement robust, long-term mitigations.
- Explore and implement AI-driven automation to enhance discovery and analysis capabilities.
- Use emerging technologies to scale the identification of complex vulnerability patterns across the stack.
- Serve as a senior technical subject matter expert during high-stakes triage, helping stakeholders understand the practical reality of a threat through evidence-based technical analysis and exploit modeling.
Nice to Have:
- Experience with reverse engineering or high-level exploit development in a research-focused environment.
- Familiarity with 'Graph-based' security analysis (mapping relationships between assets, permissions, and vulnerabilities).
- Contributions to the security community, such as tool development, technical whitepapers, or responsibly disclosed CVEs.
- Experience in a distributed engineering environment where technical evidence is the primary driver of security prioritization.
first seen 2026-06-12 08:40:01 · last verified 2026-06-12 08:40:01