Staff Product Security Engineer


🕒 April 30


Cherry

201 - 500 employees

Founded 2019

💳 Fintech

🤝 B2B


Cherry is a fintech platform that provides point-of-sale financing and payment plans for healthcare and veterinary practices, dental clinics, medspas, plastic surgery and dermatology providers. It lets consumers apply in about 60 seconds with an industry-leading approval rate, offers instant funding to practices, and handles repayments directly so providers receive payment within 2-3 business days. Cherry markets zero-interest short-term options (Pay-in-4), longer-term 0% APR promotions for qualifying treatments, reduced merchant fees, and customer support and marketing resources to help practices increase case acceptance and cash flow.

📋 Description

• Partner with product and engineering teams to perform security design reviews and threat modeling for new and existing features across Cherry's platform.
• Own and evolve Cherry's product security program — including secure coding standards, vulnerability management, and security testing processes.
• Lead security reviews for authentication and authorization systems, ensuring robust access control patterns across our web and mobile products.
• Assess and improve the security posture of Cherry's cloud infrastructure including network controls, IAM policies, secrets management, and container security.
• Champion security best practices for payment processing, financial and health data handling, in alignment with PCI DSS and relevant compliance frameworks.
• Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive remediation of identified vulnerabilities.
• Build and maintain security tooling integrated into the SDLC - SAST, DAST, dependency scanning, and runtime protection.
• Respond to security incidents, perform root cause analysis, and implement lasting fixes to prevent recurrence.
• Educate and mentor engineers on security principles, fostering a culture of security ownership across the organization.
• Monitor the threat landscape for emerging risks relevant to FinTech and healthcare-adjacent payment products.

🎯 Requirements

• 5+ years of experience in product security, application security, or a related security engineering role.
• Deep expertise in authentication and authorization — including OAuth 2.0, OIDC, JWT, SAML, RBAC/ABAC models, and session management.
• Hands-on experience securing cloud environments (AWS preferred), including IAM, VPC, container orchestration (EKS/ECS), and infrastructure-as-code.
• Strong understanding of secure software development practices — OWASP Top 10, threat modeling (STRIDE or similar), secure code review, and vulnerability remediation.
• Experience integrating security tooling (SAST, DAST, SCA) into CI/CD pipelines.
• Excellent communication skills — able to articulate security risk clearly to both technical and non-technical stakeholders.
• Proven ability to work cross-functionally in a fast-paced, high-growth engineering environment.
• Nice to Have: Penetration testing experience, familiarity with payment industry security, experience at a FinTech, healthcare technology, or other regulated-industry company.

🏖️ Benefits

• Competitive Base + Bonus
• Generous equity grant
• Medical, vision, and dental benefits
• Fully remote company
• Flexible PTO
