Staff Product Security Engineer

About the Position

Staff Product Security Engineer

We are looking for a Senior Product Security Engineer to extend our Product Security capability with a strong focus on continuous vulnerability discovery and prevention. This role is responsible for building and executing security regression testing, driving threat modeling across existing and new functionality, conducting targeted offensive security activities, and identifying real vulnerabilities based on a deep understanding of our platform and the OWASP Top 10 Web Application Security Risks.

The goal is simple: ensure that both existing functionality and new changes remain secure over time, and that real vulnerabilities are discovered before customers do.

Responsibilities

• Security Regression Testing
  • Design and maintain security regression test suites covering critical application flows
  • Ensure vulnerabilities, once fixed, are permanently prevented from recurring
  • Integrate security regression into CI/CD pipelines
  • Define coverage targets for security-critical areas (auth, access control, APIs, data flows)
• Threat Modeling
  • Lead structured threat modeling sessions for:
    • Existing system components
    • New features and architectural changes
  • Identify attack surfaces, abuse cases, and trust boundaries
  • Translate threats into:
    • Test cases
    • Security requirements
    • Mitigation plans
  • Ensure threat modeling becomes a continuous lifecycle activity
• Offensive Security / Red Team Activities
  • Perform manual and automated security testing simulating real attacker behavior
  • Focus on high-impact vulnerabilities, not theoretical findings
  • Validate exploitability and business impact
  • Partner with engineering teams to:
    • Reproduce issues
    • Prioritize fixes
    • Validate remediation
• OWASP Top 10–Driven Vulnerability Discovery
  • Continuously assess the platform against OWASP Top 10 categories
  • Use deep product knowledge to find non-obvious, context-specific vulnerabilities
  • Go beyond tooling (DAST/SAST) to uncover logic flaws and abuse paths
• Security Assurance for Product Changes
  • Review new features and changes for security risks
  • Ensure all changes are:
    • Threat-modeled
    • Covered by regression tests
  • Act as a security gatekeeper without becoming a bottleneck:
    • Enable teams with guidance and tooling
    • Avoid heavy process overhead
• Collaboration & Enablement
  • Work closely with:
    • Engineering teams
    • Architecture
    • SRE / Platform teams
  • Contribute to secure-by-design practices
  • Support developers in understanding and fixing vulnerabilities
  • Help scale security through:
    • Reusable patterns
    • Automation
    • Security guidance

Requirements

Required Qualifications

• 5+ years in Application / Product Security
• Bachelor's Degree or equivalent of 12 years of work experience
• Strong hands-on experience in:
  • Web application security testing
  • API security
  • Threat modeling methodologies
• Deep understanding of OWASP Top 10
• Experience with:
  • Manual penetration testing
  • Security regression testing
  • CI/CD security integration
• Ability to identify business logic vulnerabilities
• Strong understanding of:
  • Authentication, authorization, and session management
  • Multi-tenant architectures
  • Cloud-native systems

Preferred Qualifications

• Experience in SaaS / multi-tenant platforms
• Familiarity with:
  • Bug bounty programs
  • Red teaming
  • Security automation frameworks
• Knowledge of:
  • AWS
  • Identity systems and federation (SSO, MFA)
• Background in software engineering (ability to read/write code)

We Offer

• Join a diverse team of over 21,000 professionals in more than 30 countries
• Opportunities to launch and advance your career in technical and business roles
• Make a real impact by developing innovative products and solutions
• Maximize your performance and wellbeing in our flexible and inclusive work environment

About the Company

Renesas is an embedded semiconductor solution provider driven by its Purpose ‘To Make Our Lives Easier.’ As the industry’s leading expert in embedded processing with unmatched quality and system-level know-how, we have evolved to provide scalable and comprehensive semiconductor solutions for automotive, industrial, infrastructure, and IoT industries based on the broadest product portfolio, including High Performance Computing, Embedded Processing, Analog & Connectivity, and Power.

At Renesas, you can:

• Launch and advance your career in technical and business roles across four Product Groups and various corporate functions.
• Make a real impact by developing innovative products and solutions to meet our global customers' evolving needs and help make people’s lives easier, safe and secure.
• Maximize your performance and wellbeing in our flexible and inclusive work environment. Our people-first culture and global support system, including the remote work option and Employee Resource Groups, will help you excel from the first day.

Are you ready to own your success and make your mark? Join Renesas. Let’s Shape the Future together.

Renesas Electronics is an equal opportunity and affirmative action employer, committed to supporting diversity and fostering a work environment free of discrimination on the basis of sex, race, religion, national origin, gender, gender identity, gender expression, age, sexual orientation, military status, veteran status, or any other basis protected by law. For more information, please read our Diversity & Inclusion Statement.