Senior Product Security Engineer

Remote in the United States, Canada or Europe


Sanity is seeking a Senior Product Security Engineer who can balance hands-on security work with holistic product security responsibilities. This role will be instrumental in strengthening and developing our security posture while also supporting compliance initiatives and vendor management. The ideal candidate will have strong technical security skills and the ability to manage programs across security, compliance, and vendor ecosystems.

Joining our security team means becoming part of something bigger than just fixing vulnerabilities or reviewing code. You will be empowering creators, developers, and businesses to focus on what they do best while you handle the invisible shield that protects their digital assets. We believe security should enable innovation rather than hinder it, and we're looking for someone who shares our passion for building secure systems that help our customers shine in the digital world.

At Sanity.io, we are changing how forward-thinking companies like PUMA, Spotify, Figma, Riot Games, and Linear create digital experiences. Our content operating system replaces rigid legacy CMS solutions with a flexible, developer-first platform that gives engineers complete control to build without restrictions.

About the role:

As a Senior Product Security Engineer at Sanity, you will directly strengthen our product security through hands-on security work. You will also manage critical compliance requirements and vendor security assessments. This role has the potential to make tangible improvements to our products, with company-wide impact.

This is not a Security Operations Center (SOC) role and does not require on-call duty, though you will be expected to help address security incidents when they arise. You will focus on proactive security work integrated directly into our product development process, collaborating with teams to embed security from the beginning. Your contributions will strengthen our compliance posture, maintaining customer trust while supporting innovation.

This role reports directly to the head of SRE, and there is a clear path for growth with the opportunity to have a large impact in our organization.


What you would do:


Product Security Engineering

  • Proactively engage with product teams and contribute code fixes when necessary

  • Coordinate security pentesting activities and follow up on findings

  • Triage and respond to security issues and bug bounty reports

  • Review security requests for new libraries or vendors

  • Act as a security advisor for product development

  • Develop and maintain security tools and alerts

Holistic security responsibilities

  • Assist in managing and implementing the security aspects of our compliance program

  • Help answer compliance and security-related questions from customers (RFIs)

  • Support and lead vendor security assessments


About you:

  • Based in the US, Canada, or Europe

  • 5+ years of experience in security engineering roles as an individual contributor

  • Experience with product security principles and practices

  • Familiarity with GCP and BigQuery

  • Strong communication skills and ability to work with cross-functional teams and talk to customers

  • Self-motivated with excellent organizational and time management skills

  • Experience managing secrets and tokens in software environments

Nice to have:

  • Familiarity with the SOC 2 Type 2 compliance requirements and processes

  • Experience with Wazuh, Trivy, and other OSS security tools

  • Proficiency in TypeScript and Golang

  • Startup experience

  • Growth mindset

Not sure you’re exactly what we’re looking for in this role? Apply anyway!

What we can offer:

  • A highly-skilled, inspiring, and supportive team

  • Positive, flexible, and trust-based work environment that encourages long-term professional and personal growth

  • A global, multi-culturally diverse group of colleagues and customers

  • Comprehensive health plans and perks

  • A healthy work-life balance that accommodates individual and family needs

  • Competitive salary and stock options program

Who we are:

Sanity.io is a modern, flexible content operating system that replaces rigid legacy content management systems. One of our big differentiators is treating content as data so that it can be stored in a single source of truth, but seamlessly adapted and personalized for any channel without extra effort. Forward-thinking companies choose Sanity because they can create tailored content authoring experiences, customized workflows, and content models that reflect their business.

Backed by Netlify, Vercel, the founders of Twitter and Medium, Heroku’s ex-CEO, and leading VCs like ICONIQ Growth, Threshold Ventures, and Lead Edge Capital, Sanity is at the epicenter of the modern digital product development stack.

You can only build a great company with a great culture. Read about our values and join us in building a diverse and inclusive team.

Sanity.io pledges to be an organization that reflects the globally diverse audience that our product serves. We believe that in addition to hiring the best talent, a diversity of perspectives, ideas, and cultures leads to the creation of better products and services. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.


Tags: Compliance GCP Golang Heroku Pentesting Product security Security assessment SOC SOC 2 TypeScript Vendor management Vulnerabilities

Perks/benefits: Career development Competitive pay Equity / stock options Startup environment Team events

Regions: Remote/Anywhere Europe North America
Countries: Canada United States
