Why This Job is Featured on The SaaS Jobs
Product security is a core differentiator in modern SaaS, where customer trust depends on the resilience of web applications, APIs, and cloud infrastructure. This Senior Product Security Engineer role stands out because it is explicitly offensive leaning, centred on simulating real adversary behaviour and translating findings into concrete fixes that improve the product’s security posture.
For a long-term SaaS career, this kind of work builds durable, cross-company skills: threat modelling in product contexts, hands-on exploitation of common web and cloud weaknesses, and the discipline of producing remediation guidance that engineering teams can implement. Experience with frameworks like MITRE ATT&CK and familiarity with OWASP patterns also travels well across SaaS verticals, especially as organisations formalise continuous security testing alongside CI/CD.
The role is best suited to practitioners who prefer deep technical investigation, can balance manual creativity with automation, and are comfortable documenting evidence and reproduction steps with precision. It will fit someone who enjoys partnering with product and platform engineers, and who wants to remain close to how SaaS features are built and shipped rather than operating solely in a compliance or policy lane.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Key Responsibilities
Simulate real-world attacker tactics, techniques, and procedures (TTPs) to assess and improve the security posture of applications, APIs, and infrastructure.
Identify, exploit, and document vulnerabilities in products and supporting systems using both manual techniques and automated tools.
Develop and execute custom attack scenarios, including phishing, social engineering, and lateral movement campaigns, to test organizational defenses.
Prepare comprehensive assessment reports, including reproduction steps and actionable remediation guidance for engineering teams.
Stay current with the latest security threats, adversary methodologies (e.g., MITRE ATT&CK framework), and offensive security tooling.
Assist in simulating adversary attacks to identify vulnerabilities and logic flaws in web and product features.
Help develop automation scripts, tools, and documentation to support security testing activities.
Continuously learn and apply the latest security testing techniques, tools, and industry best practices.
Required Qualifications
Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent experience.
5+ years of experience in offensive security, penetration testing, or red teaming.
Solid understanding of basic networking, web technologies, and computer systems.
Familiarity with at least one scripting or programming language (e.g., Python, JavaScript, Bash, PowerShell).
Demonstrated interest in cybersecurity (capture the flag participation, open-source contributions, hacking challenges, security coursework, etc.).
Strong problem-solving and communication skills.
Eagerness to learn and adapt in a fast-paced security environment.
Preferred Qualifications
Certifications such as CCRT(S), OSEP, GPEN, OSCP, SANS SEC565.
Knowledge of common attack patterns, OWASP Top 10, or cloud security basics.
Contributions to the security community in the form of research, CVEs, tools, or publications.
About Us:
Cloud Software Group is one of the world’s largest cloud solution providers, serving more than 100 million users around the globe. When you join Cloud Software Group, you are making a difference for real people, each of whom count on our suite of cloud-based products to get work done — from anywhere. Members of our team will tell you that we value passion for technology and the courage to take risks. Everyone is empowered to learn, dream, and build the future of work. We are on the brink of another Cambrian leap -- a moment of immense evolution and growth. And we need your expertise and experience to do it. Now is the perfect time to move your skills to the cloud.
Cloud Software Group is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination. All qualified applicants will receive consideration for employment without regard to age, race, color, creed, sex or gender, sexual orientation, gender identity, gender expression, ethnicity, national origin, ancestry, citizenship, religion, genetic carrier status, disability, pregnancy, childbirth or related medical conditions (including lactation status), marital status, military service, protected veteran status, political activity or affiliation, taking or requesting statutorily protected leave and other protected classifications.
If you need a reasonable accommodation due to a disability during any part of the application process, please contact us via the Bridge portal for assistance.
