Lead threat modeling engagements on the features and services where the risk warrants it.
Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
Requirements
You'll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.
We expect you to bring a sharp point of view on where AI can take work off the team's plate and make our coverage deeper.
Responsibilities:
Bring AI to the work.
You treat AI as part of the toolkit. You're skeptical where you should be, aggressive where it pays off, and you want to work somewhere that's serious about both.
experience in a security-focused role. AppSec, ProdSec, or cloud security preferred. •
Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.
Experience with developer tools, SaaS platforms, or feature management
Familiarity with Go, Python, or TypeScript
Experience
2 to 4 years of full-time
Benefits
Target pay ranges based on Geographic Zones for Level 2:
Zone 1: San Francisco/Bay Area or NYC Metropolitan Area, Boston, Seattle - $136,000 - $187,000**
Zone 2: Irvine, LA, Monterey, Santa Barbara, Santa Rosa, Austin, Portland, Philadelphia, Chicago - $122,000 - $168,000**
Zone 3: All other US locations - $116,000 - $159,000**
LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs.
Exact compensation may vary based on skills, experience, and location.
*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.
**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.
About LaunchDarkly:
Contact
To do so, contact People Ops at hr@launchdarkly.com.
Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from "Verified Recruiter" accounts.
Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.
Additional details
LaunchDarkly's Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day.
Our security team keeps it safe for the global systems that depend on us. You'll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area.
Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.
You'll report to the Director of Security and work closely with software engineers, product managers, and other security engineers.
Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
Contribute to SDLC tooling, SAST / SCA workflows, and bug bounty triage as the team's work demands.
Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil.
Help the team build durable patterns for safe and effective use, not one-off prompts.
Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.
About You: