Product & Data Security Engineer (AppSec, DLP & Privacy) - job post

April 9, 2026

Job Description

United States • Remote

Full-time

Full job description

Benefits:

  • Competitive salary

About the Role

Location: Fully Remote (U.S.)
Start Date: ASAP
Compensation: Competitive / Market Rate

SMART TECH SKILLS is seeking a Product & Data Security Engineer to help embed Secure-by-Design and Privacy-by-Design principles directly into the software development lifecycle (SDLC).

In this role, you will work closely with engineering teams to automate application security and data protection controls through code, ensuring security guardrails are enforced consistently via CI/CD pipelines and Git-based workflows. The environment is Azure-native, fully automated, and operates under a GitOps model—with no manual configuration or console-based security controls.

This is a hands-on engineering role for someone who enjoys building scalable security platforms, tooling, and guardrails that developers use by default.

Key Responsibilities

Secure SDLC Automation

  • Design, implement, and maintain automated SAST, SCA, and API security pipelines using GitHub Actions or equivalent CI/CD tooling
  • Implement policy-as-code security gates to prevent insecure code from being merged or released
  • Ensure security controls are enforced automatically throughout the SDLC

Data Loss Prevention (DLP) & Privacy

  • Implement source-level detection of PHI, PII, and secrets within CI/CD pipelines
  • Leverage regex-based and ML-based classifiers to identify sensitive data
  • Prevent sensitive data from entering source code repositories or build artifacts

API & Transport Security

  • Define and enforce Layer 7 security standards, including:
    • TLS 1.3 and HSTS
    • OAuth 2.0 / OIDC authentication flows
    • Secure JWT lifecycle management
  • Implement and enforce OpenAPI validation and linting policies

Data Protection Engineering

  • Develop reusable, secure-by-default libraries for:
    • Application-layer encryption
    • Tokenization
    • Data redaction and masking
  • Enable development teams with secure tooling that minimizes friction

Software Supply Chain Security

  • Generate Software Bills of Materials (SBOMs) for every build
  • Sign and attest to build artifacts
  • Enforce artifact provenance and integrity verification through CI/CD pipelines

Required Qualifications

  • 5+ years of experience in Application Security, Product Security, or Software Engineering
  • Strong hands-on experience with CI/CD security automation
  • Experience using GitHub Actions or comparable CI/CD platforms
  • Proven experience implementing secret detection and DLP tooling
  • Solid understanding of API security, OAuth 2.0, and OIDC frameworks
  • Strong programming skills in Python, Go, or TypeScript

Preferred Qualifications

  • Experience building security automation in GitOps-based environments
  • Azure-native cloud security experience
  • Experience designing or implementing secure development frameworks for enterprise applications
  • Familiarity with AI-assisted or developer productivity security workflows

Success Metrics

  • 90%+ of repositories protected by automated DLP and secret scanning
  • 100% API compliance with standardized authentication and security patterns
  • Significant reduction in high and critical application-layer vulnerabilities

Why Join SMART TECH SKILLS

  • Work on modern, cloud-native security challenges at scale
  • Build security platforms that directly enable and protect developers
  • Collaborate with engineering teams focused on automation and quality
  • Fully remote role with long-term growth potential

This is a remote position.