Sr Product Security Engineer

at BeyondTrust

BeyondTrust | Remote United States | Posted 2026-06-23

Job description

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio. Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

We're hiring a Sr Product Security Engineer to do deep, hands-on security testing across BeyondTrust's product portfolio using AI as a force multiplier. You'll use Claude, Codex, and LLM-driven workflows to build threat hunting skills, develop fuzz factory plugins, and perform context-rich penetration testing that goes beyond what scanners and checklists catch.

This is a technical role. You'll discover vulnerabilities, build proof-of-concept exploits, validate findings, and work with engineering to remediate them. You'll also partner closely with Security Architects and Cyber Defense to turn offensive findings into defensive mechanisms: detection signatures, monitoring rules, and hardening guidance informed by real exploitation paths you've validated firsthand.

Our Product Security organization operates AI-first. You'll leverage Claude and Codex daily to automate repetitive testing workflows, generate targeted fuzz inputs, build custom security tooling, analyze code paths at scale, and produce exploit PoCs faster than manual methods allow. You'll also contribute back to the team by building reusable skills, prompts, and plugins that make everyone's testing more effective.

What You’ll Do

AI-Driven Security Testing & Vulnerability Discovery

Perform deep, context-aware penetration testing of web applications, APIs, endpoint agents, thick clients, identity systems, and cloud-native services. Use Claude and Codex to analyze code paths, trace data flows, identify attack surfaces, and generate targeted test cases that reflect how the product works, not generic payloads against generic endpoints.

Threat Hunting Skills & Fuzz Factory Plugins

Build AI-powered threat hunting skills and fuzz factory plugins using Claude and Codex. Develop custom fuzzers that understand product-specific protocols, input formats, and business logic. Create reusable skills and agent workflows that automate discovery of vulnerability classes across the product portfolio: injection paths, auth bypass patterns, privilege escalation chains, and cryptographic weaknesses.

Proof-of-Concept Exploit Development

Develop working proof-of-concept exploits for discovered vulnerabilities that demonstrate real impact in the product's deployment context. Use Claude and Codex to accelerate exploit development, generate payloads, and validate exploitation chains. A validated PoC with clear impact drives remediation; an unvalidated scanner finding sits in a backlog.

Vulnerability Validation & Remediation Partnership

Validate vulnerabilities from all sources: your own testing, SAST, SCA, third-party pen tests, bug bounty submissions, and security research. Confirm exploitability, assess severity in context, and deliver specific fix recommendations to engineering teams grounded in the codebase and deployment model.

Cyber Defense & Architect Partnership

Partner with Cyber Defense and Security Architects to translate offensive findings into defensive capabilities. Turn validated exploitation paths into detection signatures, monitoring rules, WAF configurations, and runtime protections. Work with Security Architects to identify emerging attack techniques relevant to BeyondTrust's product surface and build proactive testing coverage for them.

Security Tooling & Automation

Build and maintain AI-driven security testing tooling integrated into CI/CD pipelines. Develop custom SAST rules and automated validation workflows using Claude and Codex. Contribute prompts, skills, plugins, and agent pipelines back to the Product Security team's shared tooling library.

Threat Modeling & Secure Design

Participate in threat modeling exercises alongside Product Security Architects. Bring the attacker's perspective: identify abuse cases, map exploitation paths, and pressure-test design assumptions based on real testing experience across the product portfolio.

What You’ll Bring

Required

- 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development
- Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, injection attacks, deserialization, SSRF, and privilege escalation
- Proficiency with penetration testing tools and methodologies (Burp Suite, custom scripts, fuzzing frameworks) combined with manual exploit validation
- Hands-on experience using LLM platforms (Claude, Codex, or similar) to build security testing workflows, generate test cases, analyze code, or develop exploits
- Experience building custom security tooling: fuzzers, scanners, exploit frameworks, or automation that goes beyond configuring off-the-shelf products
- Strong understanding of common vulnerability classes (OWASP Top Ten, API Security Top Ten, CWE) and how they manifest in real production applications
- Experience collaborating with defensive security teams (SOC, Cyber Defense, IR) to translate offensive findings into detection and monitoring capabilities
- Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security
- Strong communication skills: you can explain a complex exploitation chain to an engineering team and deliver a clear risk narrative to leadership

Preferred

- Experience building AI-native security workflows, threat hunting agents, or automated fuzzing pipelines using LLM platforms
- Background in securing endpoint technologies, identity systems, privileged access management, or enterprise security platforms
- Experience with mobile application security testing and thick client assessments
- Familiarity with container secur