Companies BeyondTrust Sr Product Security Engineer

About the role

BeyondTrust · Remote

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

We're hiring a Sr Product Security Engineer to do deep, hands-on security testing across BeyondTrust's product portfolio using AI as a force multiplier. You'll use Claude, Codex, and LLM-driven workflows to build threat hunting skills, develop fuzz factory plugins, and perform context-rich penetration testing that goes beyond what scanners and checklists catch.

This is a technical role. You'll discover vulnerabilities, build proof-of-concept exploits, validate findings, and work with engineering to remediate them. You'll also partner closely with Security Architects and Cyber Defense to turn offensive findings into defensive mechanisms: detection signatures, monitoring rules, and hardening guidance informed by real exploitation paths you've validated firsthand.

Our Product Security organization operates AI-first. You'll leverage Claude and Codex daily to automate repetitive testing workflows, generate targeted fuzz inputs, build custom security tooling, analyze code paths at scale, and produce exploit PoCs faster than manual methods allow. You'll also contribute back to the team by building reusable skills, prompts, and plugins that make everyone's testing more effective.

What You’ll Do

  • AI-Driven Security Testing & Vulnerability Discovery Perform deep, context-aware penetration testing of web applications, APIs, endpoint agents, thick clients, identity systems, and cloud-native services. Use Claude and Codex to analyze code paths, trace data flows, identify attack surfaces, and generate targeted test cases that reflect how the product works, not generic payloads against generic endpoints.
  • Threat Hunting Skills & Fuzz Factory Plugins Build AI-powered threat hunting skills and fuzz factory plugins using Claude and Codex. Develop custom fuzzers that understand product-specific protocols, input formats, and business logic. Create reusable skills and agent workflows that automate discovery of vulnerability classes across the product portfolio: injection paths, auth bypass patterns, privilege escalation chains, and cryptographic weaknesses.
  • Proof-of-Concept Exploit Development Develop working proof-of-concept exploits for discovered vulnerabilities that demonstrate real impact in the product's deployment context. Use Claude and Codex to accelerate exploit development, generate payloads, and validate exploitation chains. A validated PoC with clear impact drives remediation; an unvalidated scanner finding sits in a backlog.
  • Vulnerability Validation & Remediation Partnership Validate vulnerabilities from all sources: your own testing, SAST, SCA, third-party pen tests, bug bounty submissions, and security research. Confirm exploitability, assess severity in context, and deliver specific fix recommendations to engineering teams grounded in the codebase and deployment model.
  • Cyber Defense & Architect Partnership Partner with Cyber Defense and Security Architects to translate offensive findings into defensive capabilities. Turn validated exploitation paths into detection signatures, monitoring rules, WAF configurations, and runtime protections. Work with Security Architects to identify emerging attack techniques relevant to BeyondTrust's product surface and build proactive testing coverage for them.
  • Security Tooling & Automation Build and maintain AI-driven security testing tooling integrated into CI/CD pipelines. Develop custom SAST rules, and automated validation workflows using Claude and Codex. Contribute prompts, skills, plugins, and agent pipelines back to the Product Security team's shared tooling library.
  • Threat Modeling & Secure Design Participate in threat modeling exercises alongside Product Security Architects. Bring the attacker's perspective: identify abuse cases, map exploitation paths, and pressure-test design assumptions based on real testing experience across the product portfolio.
  •  

What You’ll Bring

Required

  • 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development
  • Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, injection attacks, deserialization, SSRF, and privilege escalation
  • Proficiency with penetration testing tools and methodologies (Burp Suite, custom scripts, fuzzing frameworks) combined with manual exploit validation
  • Hands-on experience using LLM platforms (Claude, Codex, or similar) to build security testing workflows, generate test cases, analyze code, or develop exploits
  • Experience building custom security tooling: fuzzers, scanners, exploit frameworks, or automation that goes beyond configuring off-the-shelf products
  • Strong understanding of common vulnerability classes (OWASP Top Ten, API Security Top Ten, CWE) and how they manifest in real production applications
  • Experience collaborating with defensive security teams (SOC, Cyber Defense, IR) to translate offensive findings into detection and monitoring capabilities
  • Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security
  • Strong communication skills: you can explain a complex exploitation chain to an engineering team and deliver a clear risk narrative to leadership

Preferred

  • Experience building AI-native security workflows, threat hunting agents, or automated fuzzing pipelines using LLM platforms
  • Background in securing endpoint technologies, identity systems, privileged access management, or enterprise security platforms
  • Experience with mobile application security testing and thick client assessments
  • Familiarity with container security, Kubernetes security, and infrastructure-as-code scanning
  • Experience working with bug bounty programs, vulnerability disclosure programs, or coordinated disclosure
  • Professional certifications such as OSWE, OSCP, GWAPT, GPEN, or equivalent hands-on credentials
  • Contributions to security research, open-source security tooling, or published vulnerability disclosures

How We'll Measure Success

  • Consistent discovery of meaningful vulnerabilities with validated PoC exploits that drive remediation across the product portfolio
  • AI-powered threat hunting skills and fuzz factory plugins actively finding vulnerability classes at scale that manual testing alone would miss
  • Validated findings include specific, implementable fix recommendations that engineering teams act on
  • Offensive findings translate into measurable defensive improvements through partnership with Cyber Defense and Research
  • Reusable skills, prompts, and plugins you build are adopted by the broader Product Security team
  • Engineering and security leadership trust your severity assessments and prioritization recommendations

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com

#LI-BS1

Ready to apply to BeyondTrust?
Apply to BeyondTrust
Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get the worldwide-remote edge.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free