What are the responsibilities and job description for the Senior Product Security Engineer position at Redis?
Who we are

We're Redis. We built the product that runs the fast apps our world runs on. (If you checked the weather, used your credit card, or looked at your flight status online today, you're welcome.) At Redis, you'll work with the fastest, simplest technology in the business—whether you're building it, telling its story, or selling it to our 10,000 worldwide customers. We're creating a faster world with simpler experiences. You in?

Why would you love this job

As a Senior Product Security Engineer with us, you'll be at the forefront of application security innovation. You'll combine your passion for hacking methodologies with cutting-edge security technologies to protect our software products. This role offers the perfect blend of hands-on technical work and strategic impact. You'll dive deep into code across multiple languages to uncover hidden vulnerabilities and conduct penetration testing that directly strengthens our application defenses. You'll leverage industry frameworks like OWASP for secure application development and MITRE ATT&CK for understanding cloud-based attack patterns. Working directly with engineering teams, you'll embed security throughout the software development lifecycle and shape how we build secure applications from the ground up. Beyond the technical challenges, you'll mentor talented developers on secure coding practices and drive application security culture across the organization. You'll have the freedom to explore emerging application threats and security technologies through our comprehensive professional development support.
If you're driven by curiosity and want to make a meaningful impact protecting applications used by thousands of users, this role offers the perfect environment to advance your application security expertise while working with a team that values innovation and continuous learning.

What you'll do

Security Architecture & Design
- Design and implement security controls and frameworks for product development
- Conduct security architecture reviews and threat modeling for new features and products
- Collaborate with engineering teams to integrate security requirements into product roadmaps
- Develop and maintain security standards, guidelines, and best practices

Code Security & Assessment
- Perform comprehensive security code reviews across multiple programming languages
- Conduct penetration testing and vulnerability assessments on applications and infrastructure
- Analyze security findings from automated scanning tools and drive their remediation
- Lead the vulnerability disclosure processes

Security Tooling & Process
- Implement and optimize Static Application Security Testing tools and workflows
- Deploy and manage Dynamic Application Security Testing solutions
- Oversee Software Composition Analysis for third-party dependency management
- Build security metrics, dashboards, and reporting capabilities

Collaboration & Communication
- Contribute to security compliance and governance efforts
- Partner with development teams to provide security guidance and training
- Present security findings and recommendations to technical and executive stakeholders
- Mentor security champions and foster security culture across engineering
- Stay current with emerging threats, security technologies, and industry best practices

What will you need to have?

Technical Expertise
- Proficiency in multiple programming languages including Java, C, and Python
- Extensive experience conducting security code reviews and identifying vulnerabilities
- Ability to read and understand code to identify security flaws and antipatterns
- Understanding of secure software development concepts and their application to Secure Software Development Lifecycle
- Hands-on experience with penetration testing methodologies and tools
- Deep understanding of cloud technologies and major cloud service providers (AWS, Azure, GCP)
- Proven experience implementing and/or managing SAST, DAST, and SCA security tools
- Experience with container security and orchestration platforms (Docker, Kubernetes)

Professional Skills
- Strong verbal communication skills with fluency in English
- Ability to translate complex security concepts into actionable recommendations
- Experience working collaboratively with cross-functional engineering teams
- Demonstrated curiosity and commitment to staying current with cutting-edge security technologies

Adversarial Security Expertise
- Interest in and knowledge of hacking tactics, techniques, and procedures (TTPs)
- Familiarity with the MITRE ATT&CK framework and its practical applications
- Ability to operate with an adversarial mindset and think like an attacker
- Experience with common hacking tools and exploitation techniques

Experience Requirements
- 5 years of experience in product security, application security, or related field
- Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience

Extra great if you have:
- Knowledge of Redis products and in-memory database security considerations
- Active participation in Capture The Flag (CTF) competitions
- Experience with DevSecOps practices and CI/CD pipeline security integration
- Background in security research, vulnerability disclosure, or bug bounty programs
- Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI DSS)

Our culture is what makes Redis a fun and rewarding place to work.
To support you at work and beyond, we offer all our US team members fantastic benefits and perks:
- Competitive salaries and equity grants
- Unlimited time off to promote a healthy work-life balance
- H/D/V coverage along with 401K, FSA, and commuter benefits
- Frequent team celebrations and recreation events
- Home internet & phone stipend
- Learning and development opportunities
- Ability to influence a high-performance company on its way to IPO

The estimated gross base annual salary range for this role is $120,000 – $145,000 per year in New York, California, Washington, Colorado, and Rhode Island. Actual compensation may vary and is dependent on various factors, including a candidate's work location, qualifications, experience, and competencies. Base annual salary is one component of Redis' total compensation and competitive benefits package, which may include 401(k), unlimited time off, learning and development opportunities, and comprehensive health and wellness benefits. This role may include discretionary bonuses, stock options, commuter benefits based on location, or a commission plan. Salary history is not used in compensation package decisions. Redis utilizes market pay data to determine compensation, so posted compensation ranges are subject to change as new market data becomes available.

As a global company, we value a culture of curiosity, diversity of thought, and innovation from our employees, customers, and partners. Redis is committed to a diverse and inclusive work environment where all employees' differences are celebrated and supported, and everyone feels safe to bring their authentic selves to work. Redis is dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national orientation, sexual orientation, age, marital status, disability, gender identity, gender expression, Veteran status, or any other classification protected by federal, state, or local law.
We strive to create a workplace where every voice is heard, and every idea is respected.

Redis is committed to working with and providing access and reasonable accommodation to applicants with mental and/or physical disabilities. If you think you may require accommodations for any part of the recruitment process, please send a request to recruiting@redis.com. All requests for accommodations are treated discreetly and confidentially, as practical and permitted by law.

Any offer of employment at Redis is contingent upon the successful completion of a background check, consistent with applicable laws. Redis reserves the right to retain data longer than stated in the privacy policy in order to evaluate candidates.
Salary: $113,400 - $155,400