Note: This is a remote job, open to candidates in the USA. Movable Ink is a company that specializes in content personalization for marketers through data-activated content generation and AI decisioning. They are seeking a Product Security Engineer to secure their codebases, CI/CD pipelines, and development practices, balancing a security-first mindset with practical engineering insights. This role involves implementing security measures, managing vulnerabilities, and collaborating with engineering teams to ensure safe software delivery.
Responsibilities
- Implement and maintain static application security testing (SAST) using Semgrep across our repositories
- Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies
- Manage secrets detection scanning (Trufflehog) and respond to findings
- Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged
- Triage and prioritize vulnerability findings, working with engineering teams to drive remediation
- Support dynamic application security testing (DAST) efforts using tools like ZAP
- Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation
- Set up and configure automation scripts to support our vulnerability management practices
- Document secure coding guidelines and help educate developers on security best practices
- Evaluate and recommend new security tools as the landscape evolves
Skills
- 2+ years of experience in application security, DevSecOps, or a security-focused software engineering role
- Hands-on experience with SAST, SCA, or secrets scanning tools (Semgrep, Dependabot, Snyk, or similar)
- Familiarity with CI/CD pipelines and GitHub Actions
- Understanding of common web application vulnerabilities (OWASP Top 10) and how to detect/prevent them
- Experience reading and reviewing code in at least one language (Ruby, Python, JavaScript, or Go preferred)
- Comfortable navigating codebases and working with engineering teams to explain and prioritize security findings
- Strong written communication skills for documentation and customer-facing security responses
- Self-motivated and able to manage competing priorities in a fast-paced environment
Benefits
- Additional bonus depending on the position ultimately offered
- A full range of medical, financial, and/or other benefits
Company Overview
Movable Ink activates any data into personalized content in any customer engagement. It was founded in 2010, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is http://movableink.com.
Company H1B Sponsorship
Movable Ink has a track record of offering H1B sponsorships, with 7 in 2024, 2 in 2021. Please note that this does not guarantee sponsorship for this specific role.