Senior Product Security Analyst

Your Job will be (but not limited to)

• Champion and operationalize Secure Software Development Lifecycle (SSDLC) practices across engineering teams, ensuring security is embedded throughout the product development process.
• Conduct in-depth security reviews of application designs, system architectures, and infrastructure components to identify risks and ensure alignment with security best practices and organizational objectives.
• Lead the development and execution of threat modeling exercises for new and existing products. Conduct risk assessments to identify security vulnerabilities and propose pragmatic, risk-aligned mitigations.
• Provide expert-level security guidance to product and engineering teams, including the creation of actionable threat models and recommendations for effective, scalable countermeasures.
• Influence the evolution of enterprise-wide security policies, standards, and development guidelines with a focus on enhancing secure-by-design principles and regulatory compliance.
• Evaluate, pilot, and drive the adoption of emerging security technologies and tooling to enhance the organization's product security capabilities and developer experience.
• Plan and perform comprehensive security assessments, penetration tests, and threat simulations across a variety of platforms and environments. 
• Leverage existing processes to triage and assign vulnerabilities identified by security tools to the appropriate stakeholders for timely remediation.
• Serve as a key partner to engineering, DevOps, compliance, and other cross-functional teams to embed security into the product lifecycle and foster a strong security culture.
• Act as the designated security lead for a specific product domain, serving as the primary liaison and advisor for all security-related concerns and initiatives within that area.

Professional Experience and Skills Requirements

• 5+ years of hands-on experience as a Security Professional with a strong focus on application security
• Proven experience performing security assessments and penetration testing of web applications
• Practical experience conducting threat modeling using the STRIDE methodology
• Strong understanding of vulnerability management best practices with the ability to implement them at scale
• Exposure to AI and LLM technologies with a foundational understanding of relevant security controls
• In-depth knowledge of modern application architectures and associated security considerations
• Proficiency with cloud platforms—AWS and GCP experience is required
• Familiarity with OWASP standards including the OWASP Top 10, Testing Guide, and SAMM framework
• Hands-on experience with tools such as Burp Suite, SonarQube, OWASP ZAP, Nmap, and other security testing tools
• Ability to analyze, assess, and appropriately prioritize vulnerabilities based on risk
• Strong communication skills with the ability to convey technical concepts to both technical and non-technical audiences
• Self-motivated and proactive mindset with a focus on process improvement and efficiency
• Team-oriented attitude with a willingness to support and collaborate across functions
• A continuous learning mindset with a strong drive to stay current in security trends and emerging technologies
• Excellent command of the English language, demonstrating strong listening, speaking, and reading skills

Your success story will be:

In the first 30 days you will

• Develop a deep understanding of Bloomreach’s product portfolio, architecture, and core services
• Familiarize with internal SOPs, security policies, and team workflows
• Gain operational knowledge of in-scope security solutions, tools, and platforms used by the Product Security team
• Establish working relationships with cross-functional teams including Engineering, DevOps, and Compliance

In the next 30 days you will (60 days from start)

• Actively contribute to ongoing penetration tests and security assessments of web applications and product components
• Participate in threat modeling sessions using methodologies like STRIDE to identify potential design risks
• Review vulnerability data and security findings from various sources (e.g., scanning tools, manual testing)
• Analyze and validate findings, assess risk impact, and begin drafting remediation guidance collaboratively with stakeholders
• Continue developing subject matter expertise in Bloomreach’s security landscape, including AI/LLM-related risks

In the next 30 days you will (90 days from start)

• Take ownership of security assessments for new product features and enhancements

• Lead threat modeling sessions and provide actionable recommendations early in the development lifecycle
• Drive and facilitate technical discussions related to secure architecture and application-level protections
• Serve as a point of contact for Product Security, engaging with engineering teams and leadership to advise on secure development practices
• Proactively identify process improvements and contribute to the ongoing evolution of the product security program