Senior Product Security Engineer

Built Technologies Inc.

Job Overview

Location

Remote

Job Type

Full-time

Full Job Description

📋 Description

• You will be the security champion for Built’s entire product portfolio, embedding security into every stage of the SDLC—from initial architecture reviews to production incident response—ensuring that the AI-powered platform trusted by lenders, developers, and property owners remains resilient against evolving threats.
• Own the design, implementation, and continuous improvement of a secure-by-default development culture: define secure coding standards, run threat-modeling workshops with product and engineering squads, and automate security gates in CI/CD so releases ship fast without compromising safety.
• Lead deep-dive security assessments of new and existing micro-services, APIs, and data pipelines that power construction draw management, loan origination, portfolio analytics, and payment workflows; produce clear risk ratings, actionable remediation plans, and executive-ready briefings that help leadership balance business velocity with risk appetite.
• Build and maintain a cloud-native security stack on AWS (KMS, GuardDuty, Security Hub, Lambda-based custom controls) and Kubernetes, codifying controls with Terraform and Helm so environments are reproducible, compliant, and continuously monitored.
• Drive the bug-bounty and penetration-testing program end-to-end: scope engagements, triage findings, partner with engineers for rapid fixes, and publish post-mortems that turn incidents into company-wide learning opportunities.
• Instrument real-time detection and response capabilities using SIEM, EDR, and container runtime security tools; create runbooks, conduct purple-team exercises, and mentor on-call engineers so the entire org can detect, contain, and eradicate threats within minutes—not hours.
• Influence product strategy by translating regulatory frameworks (SOC 2, ISO 27001, GLBA, state RMI laws) into pragmatic technical requirements, ensuring Built’s roadmap anticipates compliance obligations before they become blockers.
• Champion privacy-by-design for sensitive real-estate financial data: classify data, implement least-privilege access models, and partner with Legal & Risk to maintain customer trust and competitive differentiation.
• Establish metrics that matter—MTTR, vulnerability half-life, control coverage—and present monthly security scorecards to the CTO and Board, turning abstract risk into concrete engineering OKRs.
• Mentor a growing security guild across engineering, DevOps, and data science, creating reusable libraries, brown-bag sessions, and pair-programming rituals that scale security expertise beyond a single team.
• Collaborate cross-functionally with Customer Success and Implementation teams to conduct customer-facing security reviews, white-glove audits, and RFP responses that accelerate enterprise deals and reinforce Built’s reputation as the most trusted platform in PropTech.
• Stay ahead of the threat landscape by evaluating emerging AI/ML attack vectors (model poisoning, prompt injection) and designing countermeasures that protect Built’s predictive analytics and automated underwriting engines.
• Contribute to open-source security projects and represent Built at industry conferences, amplifying our thought leadership while attracting top-tier talent to the mission of modernizing real-estate finance.

🎯 Requirements

• 5+ years of hands-on product or application security experience, including secure code review, threat modeling, and penetration testing in cloud-native environments.
• Expert-level proficiency with AWS security services (IAM, KMS, GuardDuty, Security Hub) and container security (Kubernetes, EKS, OPA/Gatekeeper).
• Demonstrated ability to write secure, production-grade code in at least one modern language (Python, Go, TypeScript, or Java) and to automate security controls via Infrastructure-as-Code (Terraform, CloudFormation, or Pulumi).
• Strong working knowledge of compliance frameworks such as SOC 2, ISO 27001, or NIST CSF, with experience translating controls into engineering requirements.
• Nice-to-have: contributions to open-source security tools, published CVE research, or prior experience securing AI/ML pipelines.

🏖️ Benefits

• Fully remote-first culture with quarterly in-person off-sites in top-tier destinations, all expenses paid.
• Competitive salary plus equity in a fast-growing, profitable PropTech scale-up backed by top-tier VCs.
• Annual $3,000 professional-development stipend for conferences, certifications, or advanced training of your choice.
• Comprehensive health, dental, vision, and mental-wellness coverage for you and dependents from day one.
• 20 days PTO plus company-wide recharge weeks (July 4th and December holidays) to ensure true downtime.

Skills & Technologies

Senior

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Built Technologies Inc.

Visit Website

About Built Technologies Inc.

Built Technologies provides a cloud-based construction finance platform that connects lenders, borrowers, and contractors to streamline draw management, compliance, and risk monitoring throughout the lifecycle of a construction loan. The software automates documentation collection, approval workflows, and fund disbursement, replacing spreadsheets, email, and paper with a centralized system that increases transparency and reduces delays. Banks, credit unions, and private lenders use the platform to monitor budgets, approve inspections, and release payments faster while maintaining regulatory compliance. Contractors and developers access real-time project information, submit draw requests, and track funding status, improving cash flow and collaboration across stakeholders.

View Company Profile