Product Security Engineer

Role at a Glance

We are hiring our first dedicated Product Security Engineer to build and scale application security at Gecko. You will play a key role in shaping how security works across our product as we grow.

This is a hands on role. You will work directly with engineers to make secure software the default. We have tools in place today, but we need someone who can improve them, automate workflows, and reduce manual security work.

If you enjoy building systems from the ground up, solving practical problems, and partnering closely with product and engineering teams, this role is for you.

What you will do

• Build and improve application security across our product and cloud systems. You will work closely with engineers to make secure software the default, without slowing teams down.

• Add security checks into CI and CD pipelines so issues are caught early. Improve existing tools and reduce noise so engineers can focus on what matters.

• Review code and infrastructure to find and fix security risks. Help teams use secure patterns that are easy to repeat.

• Automate security tasks that are currently manual. Build guardrails that scale as the company grows.

• Partner with platform teams to strengthen cloud security in AWS or Google Cloud and prevent common mistakes.

• Support security controls needed for SOC 2, ISO, and similar standards as we continue to grow.

Technologies We Use

• Python, JavaScript, React

• Amazon Web Services and Google Cloud

• GitHub, GitLab, Jenkins

• Containers and infrastructure as code

About you

Required Skills

• 5+ years of experience in application security, product security, or DevSecOps

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or relevant experience

• Strong understanding of cloud security in AWS, Azure, or Google Cloud

• Experience writing and reviewing code in languages such as Python, Javascript, Java, or Go

• Experience integrating security into CI and CD workflows

• Ability to work closely with engineers in a fast moving startup environment

• Practical mindset focused on managing risk without blocking progress

• Strong english written and verbal communication skills. Able to explain security risks and solutions clearly to both technical and non-technical teams

• Willingness and ability to travel approximately four to six times per year

Preferred Skills

• Experience building or maturing application security practices in early stage companies

• Experience working in regulated or defense related environments

• Security certifications such as OSCP, CSSLP, or similar