Product Security Engineer

Product Security Engineer
Remote | Product and Development | Full-Time

WHO WE ARE

Headquartered in Nashville, Tenn., Ncontracts leads the industry in integrated risk management and compliance solutions, serving over 5,000 financial institutions nationwide. As a seven-time Inc. 5000 Fastest Growing Companies honoree and consistent year-over-year recipient of "Best Places to Work" awards, we offer a thriving, work environment where career growth and life-work balance go hand in hand.

At Ncontracts, you'll join a team of industry experts dedicated to strengthening the financial services sector through innovation and thought leadership. We're seeking creative, collaborative, and self-driven professionals across all areas of our business - from developing cutting-edge solutions to sales, marketing, customer support, and beyond. Join us in our mission to make the financial industry stronger and more resilient, while advancing your career in a supportive, dynamic environment that values your unique skills and perspectives.

THE ROLE

We're looking for a Product Security Engineer to embed security throughout our software development lifecycle. You'll work closely with engineering teams to secure our financial services platform, with particular focus on emerging AI technologies including Agentic AI systems. This role offers the opportunity to shape security practices in a cutting-edge fintech environment.

WHAT YOU DO

• Participate in security architecture reviews and threat modeling for new features and systems
• Perform code reviews with focus on security vulnerabilities and best practices
• Design and implement security controls for cloud infrastructure (AWS, Azure, GCP)
• Participate in security assessments of AI/ML systems, including Agentic AI implementations
• Contribute to secure coding guidelines and security testing frameworks
• Integrate security tools into CI/CD pipelines (SAST, DAST, dependency scanning)
• Collaborate with DevOps team on infrastructure-as-code security practices
• Investigate and remediate security vulnerabilities across the technology stack
• Create security documentation for development teams and architectural decisions
• Support penetration testing activities and coordinate remediation efforts
• Research emerging threats and security technologies, particularly in AI/ML space

WHAT YOU NEED

• 2+ years of experience in application security or product security engineering
• Bachelor’s degree in computer science, Cybersecurity, or related technical field
• Strong programming skills in modern languages (Python, Ruby, Java, C#, JavaScript, PowerShell)
• Strong database experience with proficiency in SQL and PostgreSQL
• Deep understanding of web application security (OWASP Top 10, API security)
• Experience with cloud security architectures and containerization (Docker, Kubernetes)
• Experience with server administration across Linux and Windows environments
• Knowledge of security testing tools and methodologies (SAST, DAST, penetration testing)
• Experience applying risk assessment methodologies (DREAD, CVSS) to analyze security findings and establish data-driven remediation priorities
• Understanding of secure software development lifecycle (SSDLC) practices
• Experience with version control systems (Git) and CI/CD pipelines
• Experience with infrastructure automation using Ansible
• Demonstrated ability to communicate technical security concepts to diverse stakeholders and influence remediation efforts
• Self-motivated with ability to work independently and drive security initiatives to completion
• Experience collaborating with development teams to implement security fixes

NICE TO HAVE

• Professional certifications (SAA-C03, PJPT, CSSLP, CEH, OSCP, AZ-400, AWS DevOps, or equivalent)
• Experience with AI/ML security, including model security and adversarial attacks
• Knowledge of financial services security requirements and data protection
• Experience with infrastructure-as-code tools (Terraform, CloudFormation)
• Background in threat modeling frameworks (STRIDE, PASTA, OCTAVE)
• Experience with security orchestration and automation platforms

WE OFFER

• A fun, fast-paced work environment
• Responsible PTO Plan that meets or exceeds state and local medical and family leave laws
• 11 paid holidays
• Community and social events to keep you connected and engaged
• Mental Health Benefits
• Medical, Dental and Vision insurance
• Company-paid Group Life Insurance, Short- and Long-Term Disability
• Flexible Spending Account & Health Savings Account
• Aflac Benefits – Critical Illness, Cancer Protection, & Hospital Choice
• Pet Insurance
• 401 (k) with company match with eligibility on Day 1 of employment
• 2 Paid Volunteer Time Off Days
• And much more!

Compensation Information

Pursuant to state and local law disclosure requirements, the pay range for this role, with final offer amount dependent on education, skills, experience and location is $80,000 to $100,000 per year. This position may be eligible for an annual discretionary incentive award. The incentive award amount is dependent upon company performance and your personal performance and is not guaranteed.

AAP/EEO Statement

Ncontracts provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.