Product Security Engineer

About Us

Zenity is the first and only holistic platform built to secure and govern AI Agents from buildtime to runtime. We help organizations defend against security threats, meet compliance, and drive business productivity.

Trusted by many of the world’s F500 companies, Zenity provides centralized visibility, vulnerability assessments, and governance by continuously scanning business-led development environments.

We recently raised $38 million in a Series B funding, solidifying our position as a leader in the industry and enabling us to accelerate our mission of securing AI Agents everywhere.

Responsibilities

• Own, maintain, and continuously improve the Secure Design Review process, ensuring security considerations are integrated early in the development lifecycle.
• Develop, implement, and maintain Zenity’s Application Security Program, including controls, standards, developer enablement, and automation.
• Manage SAST and DAST tooling, including configuration, integrations, alerting, developer workflows, and program-wide reporting.
• Monitor and enforce SDLC security controls, ensuring consistent application of secure development practices across all engineering teams.
• Develop and maintain Zenity’s Cloud Security Program, defining guardrails, policies, and automated controls for secure-by-default cloud deployments.
• Manage CSPM tooling, including configuration, findings triage, reporting, and alignment with internal risk and compliance processes.
• Partner with DevOps to design, implement, and maintain a fully secured CI/CD pipeline, ensuring that security checks, guardrails, and automated gates are embedded throughout build, test, and deployment stages.
• Collaborate closely with engineering teams to deliver actionable guidance, model threats, advise on architecture, and support secure implementations.
• Drive automation-first approaches to product and cloud security, reducing friction and enabling fast, safe development.
• Define and track KPIs, metrics, and reporting for application and cloud security health.
• Identify gaps in product, application, and cloud security posture and drive end-to-end remediation plans.
• Promote a culture of security and developer empowerment by delivering clear, pragmatic, and scalable guidance.

• Five (5) + years of experience in Engineering / Security Engineering
• We build solutions when faced with a capability gap
• You’re very comfortable with Kubernetes, Helm, and Terraform
• You’re very comfortable with Python and Typescript
• Three (3) + years of experience in an Application Security/Product Security focused role
• You’ve led AppSec focused “Security Review” programs
• You’ve led CloudSec focused “Secure Design” reviews
• You’ve led multiple vulnerability management campaigns to mitigate Cloud and Application security risks
• Two (2) + years of experience managing enterprise wide security projects
• You have a strong opinion on what a “project plan” doc should look like
• You’ve owned and delivered the migration or deployment of an AppSec focused security tool (SAST, DAST, ASPM, etc.)