Staff Product Security Engineer

Build the cloud platform that’s transforming electronics design. Altium 365 for cloud lets design engineers communicate, collaborate and bring their ideas to market more efficiently than any platform in the industry. We are looking for a Senior Product Security Engineer to extend our Product Security capability with a strong focus on continuous vulnerability discovery and prevention.

This role is responsible for:

• Building and executing security regression testing
• Driving threat modeling across existing and new functionality
• Conducting targeted offensive security activities (Red Team–style testing)
• Identifying real vulnerabilities based on a deep understanding of our platform and the OWASP Top 10 Web Application Security Risks

The goal is simple: ensure that both existing functionality and new changes remain secure over time, and that real vulnerabilities are discovered before customers do.

Key Responsibilities

• Security Regression Testing
  • Design and maintain security regression test suites covering critical application flows
  • Ensure vulnerabilities, once fixed, are permanently prevented from recurring
  • Integrate security regression into CI/CD pipelines
  • Define coverage targets for security-critical areas (auth, access control, APIs, data flows)
• Threat Modeling
  • Lead structured threat modeling sessions for existing system components and new features and architectural changes
  • Identify attack surfaces, abuse cases, and trust boundaries
  • Translate threats into test cases, security requirements, and mitigation plans
  • Ensure threat modeling becomes a continuous lifecycle activity
• Offensive Security / Red Team Activities
  • Perform manual and automated security testing simulating real attacker behavior
  • Focus on high-impact vulnerabilities, not theoretical findings
  • Validate exploitability and business impact
  • Partner with engineering teams to reproduce issues, prioritize fixes, and validate remediation
• OWASP Top 10–Driven Vulnerability Discovery
  • Continuously assess the platform against OWASP Top 10 categories
  • Use deep product knowledge to find non-obvious, context‑specific vulnerabilities
  • Go beyond tooling (DAST/SAST) to uncover logic flaws and abuse paths
• Security Assurance for Product Changes
  • Review new features and changes for security risks
  • Ensure all changes are threat-modeled and covered by regression tests
  • Act as a security gatekeeper without becoming a bottleneck: enable teams with guidance and tooling, avoid heavy process overhead
• Collaboration & Enablement
  • Work closely with engineering teams, architecture, and SRE / platform teams
  • Contribute to secure‑by‑design practices
  • Support developers in understanding and fixing vulnerabilities
  • Help scale security through reusable patterns, automation, and security guidance

Qualifications

Required Qualifications

• 5+ years in Application / Product Security
• Bachelor's Degree or equivalent of 12 years of work experience
• Strong hands‑on experience in web application security testing, API security, and threat modeling methodologies
• Deep understanding of OWASP Top 10
• Experience with manual penetration testing, security regression testing, and CI/CD security integration
• Ability to identify business logic vulnerabilities
• Strong understanding of authentication, authorization, and session management, multi‑tenant architectures, and cloud‑native systems

Preferred Qualifications

• Experience in SaaS / multi‑tenant platforms
• Familiarity with bug bounty programs, red teaming, and security automation frameworks
• Knowledge of AWS and identity systems and federation (SSO, MFA)
• Background in software engineering (ability to read/write code)

Renesas Electronics is an equal opportunity and affirmative action employer, committed to supporting diversity and fostering a work environment free of discrimination on the basis of sex, race, religion, national origin, gender, gender identity, gender expression, age, sexual orientation, military status, veteran status, or any other basis protected by law. For more information, please read our Diversity & Inclusion Statement.