Product Security Engineer
at LaunchDarkly
Remote
About the Job:
LaunchDarkly's Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. You'll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.
LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You'll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.
You'll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team's plate and make our coverage deeper.
Responsibilities:
- Lead threat modeling engagements on the features and services where the risk warrants it.
- Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
- Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
- Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
- Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
- Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.
- Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.
About You:
- You're proactive by default. You'd rather spot drift early and fix the cause than chase symptoms after an incident.
- You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs.
- You invest in relationships with the engineering, product, and leadership teams you work with.
- You know security work moves at the speed of trust.
- You're a good partner. You're helpful and direct, you say no with reasons and alternatives, and you don't mistake gatekeeping for rigor.
- You're security-first by background but engineering-curious by nature. You want to understand how the systems work, not just what's wrong with them.
- You treat AI as part of the toolkit. You're skeptical where you should be, aggressive where it pays off, and you want to work somewhere that's serious about both.
Qualifications:
- 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.
- Comfortable reading and critiquing pull requests in a modern stack. You don't need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.
- Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
- Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
- Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
- Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.
Nice to Haves:
- Experience with developer tools, SaaS platforms, or feature management
- Bug bounty triage experience (HackerOne, Bugcrowd)
- Familiarity with Go, Python, or TypeScript
- Contributions to internal security tooling or open-source security projects
Pay:
Target pay ranges based on Geographic Zones* for Level 2:
- Zone 1: San Francisco/Bay Area or NYC Metropolitan Area, Boston, Seattle - $136,000 - $187,000**
- Zone 2: Irvine, LA, Monterey, Santa Barbara, Santa Rosa, Austin, Portland, Philadelphia, Chicago - $122,000 - $168,000**
- Zone 3: All other US locations - $116,000 - $159,000**
LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.
*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.
**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.
About LaunchDarkly:
Modern software delivery was supposed to be the foundation for a thriving digital business, but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong. Developers can target product experiences to any customer segment and maximize the business impact of every feature. And by gradually rolling out new application components, they escape nightmare "big-bang" technology migrations.
The LaunchDarkly platform was built to guide engineers to the next frontier of DevOps by:
- Improving the velocity and stability of software releases, without the fear of end customer outages
- Delivering targeted experiences by easily personalizing features to customer cohorts
- Maximizing the business impact of every feature through the ability to experiment and optimize
- Coordinating the release and optimization of software to provide consistent experiences across mobile platforms and device types
- Improving the effectiveness and productivity of engineering teams, by providing insights into engineering cadence and stability
At LaunchDarkly, we believe in the power of teams. We're building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. LD invites any applicant to review our written Affirmative Action Plan. To do so, contact People Ops at hr@launchdarkly.com.
Do you need a disability accommodation?
Fill out this accommodations request form and someone from our People Operations team will contact you for assistance.
Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from "Verified Recruiter" accounts. Be cautious of emails from other domains. Legitimate LaunchDarkly recruiters will never ask for money, fees, or banking information before making a job offer. LaunchDarkly will never make a job offer without conducting a formal interview process. Our interview process does not involve asking detailed questions by email. If you are ever unsure about a communication that you receive, don't click any links—visit Careers | LaunchDarkly directly for confirmed job openings and links to apply.
Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.
