Movable Ink personalizes every customer engagement through automation and artificial intelligence. The world’s most innovative brands rely on Movable Ink to maximize revenue, simplify workflow and achieve the optimal customer experience. Headquartered in New York City with 600 employees, Movable Ink serves its global client base with operations throughout North America, Central America, Europe, and Australia.
Product Security Engineer
Location: New York
Posted: 130 days ago
Salary: $170K - $200K / year
Seniority: Mid Level
Job Description
- Implement and maintain static application security testing (SAST) using Semgrep across our repositories
- Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies
- Manage secrets detection scanning (Trufflehog) and respond to findings
- Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged
- Triage and prioritize vulnerability findings, working with engineering teams to drive remediation
- Support dynamic application security testing (DAST) efforts using tools like ZAP
- Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation
- Set up and configure automation scripts to support our vulnerability management practices
- Document secure coding guidelines and help educate developers on security best practices
- Evaluate and recommend new security tools as the landscape evolves
Job Requirements
- 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role
- Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)
- Familiarity with CI/CD pipelines and GitHub Actions
- Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them
- Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)
- Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings
- Strong written communication skills for documentation and customer-facing security responses
- Self-motivated and able to manage competing priorities in a fast-paced environment
Benefits
- Medical benefits
- Financial benefits
More Security Engineer Jobs
- Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team.
- Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers.
- Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data.
- Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.
Information Security Member
Anchorage Digital
Trusted institutional partner in crypto and first federally chartered crypto bank
- Help build and scale a forward-looking security program
- Ensure security of data and client’s digital assets
- Work on various information security projects
- Identify and evaluate risk to the Information Security Program
- Create and improve controls to manage operational risks
- Contribute to the long-term strategy of Information Security Team
Security Architect
CrowdStrike
CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission: to stop breaches. Ready to join a mission that matters?
- Support the design and configuration of enterprise information systems in alignment with security standards and requirements
- Review and improve the security posture
- Review new and existing system security plans
- Participate in architecture reviews
- Create and refine threat models
- Offer technical guidance to minimize security risks
- Oversee the execution of cybersecurity initiatives
- Collaborate with other teams and serve as a subject matter expert while adhering to best security practices

- Ensure the security and safety of all business information, both at rest and in transit.
- Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements.
- Partner with engineering and DevOps on secure architecture.
- Partner with Compliance and Legal on regulatory requirements.
- Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security.
- Manage Infrastructure Security.
- Enhance and maintain the current network per IT policy.
- Analyze security breaches to determine root cause, then mitigate any discovered issues.
- Participate in architecture reviews and provide security approvals.
- Manage security incident policy and response plan execution.
- Provide quarterly and security assessment reviews.
- Conduct all 3rd party vendor security assessment.
- Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.).
- Maintain and administer security awareness training curriculum for employees.
- Lead certification efforts for SOC 2, SOX ITGC Audits.
- Work cross-functionally within the company to fulfill security requirements.




