Senior Product Security Engineer

Perforce is a community of collaborative experts, problem solvers, and possibility seekers who believe work should be both challenging and fun. We are proud to inspire creativity, foster belonging, support collaboration, and encourage wellness. At Perforce, you’ll work with and learn from some of the best and brightest in business. Before you know it, you’ll be in the middle of a rewarding career at a company headed in one direction: upward.    With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce Software, Inc. is trusted by the world’s leading brands to deliver solutions for the toughest challenges. The best run DevOps teams in the world choose Perforce.  
Position Summary:
As a Senior Product Security Engineer, you will be a strategic partner to our development and engineering teams, enabling them to build secure software through collaboration, education, and hands-on support. While you’ll help lead the implementation and tuning of application security tooling (SCA, SAST, secrets detection, container scanning), your long-term impact will come from fostering a culture of secure development and integrating security into every phase of the SDLC.
This role balances automation with thoughtful manual engagement - leveraging tools where they’re most effective, and applying targeted reviews such as threat modeling, secure code reviews, and architectural assessments where deeper insight is needed. You’ll use your expertise to guide remediation, influence engineering decisions, and ensure security is built in, not bolted on.
Success in this role requires strong technical depth, excellent communication skills, and the ability to work independently while mentoring others. You’ll thrive here if you’re proactive, resourceful, and passionate about enabling teams to build secure, resilient products.
Responsibilities:

Developer Enablement & Partnership

• Collaborate with product and engineering teams to integrate security controls at every stage of the software development life cycle.
• Partner with developers to explain findings, guide remediation, and promote secure coding practices.
• Conduct secure code reviews and participate in ARB (Architecture Review Board) discussions from a security standpoint.
• Continue to foster a culture of security awareness, including the education and training of developers on secure coding practices.
• Communicate effectively with technical and non-technical stakeholders about security concerns and best practices.

Risk Management

• Develop and maintain threat models to identify potential security risks and guide mitigation efforts.
• Conduct regular risk assessments and audits to ensure compliance with internal and external security standards.
• Assist in the management of third-party risks by tracking vulnerability assessment results and ensuring effective remediation.
• Participate in incident response and retrospective activities, ensuring that lessons learned are incorporated into product development practices.

Process Improvement, & Program Maturity

• Lead proof-of-concept evaluations and implementation of AppSec tools (i.e., SCA, SAST, secrets management, container security) within an ASPM framework.
• Configure and tune security tools to reduce false positives and improve signal-to-noise ratio.
• Drive adoption of automated security tooling and embed security early and consistently throughout CI/CD workflows.
• Continuously improve security processes and workflows by identifying gaps, streamlining practices, and aligning tooling with evolving business and engineering needs.
• Monitor advancements in information security technologies and programmatically incorporate them into the internal environment.

Leadership & Mentorship

• Mentor junior engineers and foster a culture of security awareness.
• Lead cross-functional security initiatives and drive strategic improvements.
• Work independently with minimal oversight and follow through on deliverables.

Requirements:

• 5+ years of experience in product or application security.
• Strong understanding of secure software development, DevSecOps, and threat modeling.
• Prior experience as a software developer or working closely within a development team, with a strong understanding of engineering workflows and developer perspectives
• Proficiency in secure code review and vulnerability triage.
• Hands-on experience with AppSec tooling (SAST, SCA, secrets detection, container scanning).
• Experience with cloud platforms (AWS, GCP, Azure) and developer SaaS tools (GitHub, Jira).
• Familiarity with IaC tools like Terraform is a plus.
• Excellent communication and influencing skills.
• Ability to work independently, take initiative, and follow through on deliverables.
• Experience mentoring others and leading technical projects.
• Proven ability to lead cross-functional teams in a technical capacity, driving complex security initiatives or risk analyses across enterprise environments.

Additionally, this position is eligible for benefits including, but not limited to, medical, dental, vision, retirement benefits, life insurance, wellness programs, total time off, and other employee perks that may be offered by Perforce from time to time. The actual offer will depend on a number of factors including, but not limited to, a candidate’s education, skills, qualifications, depth of experience and other relevant business considerations. Perforce reserves the right to amend or modify employee perks and benefits at any time. 
Come work with us! Our team members are valued for their contributions, introduced to new opportunities, and rewarded well. Perforce combines the experience and rewards of a start-up with the security of an established and privately held profitable company. If you are passionate about the technology that impacts our day-to-day lives and want to work with talented and dedicated people across the globe, apply today! www.perforce.com Please click here for: EOE & Belonging Statements | Perforce Software