Senior Product Security Engineer
Remote in the United States, Canada or Europe
Sanity.io
Sanity is seeking a Senior Product Security Engineer who can balance hands-on security work with holistic product security responsibilities. This role will be instrumental in strengthening and developing our security posture while also supporting compliance initiatives and vendor management. The ideal candidate will have strong technical security skills and the ability to manage programs across security, compliance, and vendor ecosystems.
Joining our security team means becoming part of something bigger than just fixing vulnerabilities or reviewing code. You will be empowering creators, developers, and businesses to focus on what they do best while you handle the invisible shield that protects their digital assets. We believe security should enable innovation rather than hinder it, and we're looking for someone who shares our passion for building secure systems that help our customers shine in the digital world.
At Sanity.io, we are changing how forward-thinking companies like PUMA, Spotify, Figma, Riot Games, and Linear create digital experiences. Our content operating system replaces rigid legacy CMS solutions with a flexible, developer-first platform that gives engineers complete control to build without restrictions.
As a Senior Product Security Engineer at Sanity, you will directly strengthen our product security through hands-on security work. You will also manage critical compliance requirements and vendor security assessments. This role has the potential to make tangible improvements to our products, with company-wide impact.
This is not a Security Operations Center (SOC) role and does not require on-call, though your participation will be expected in order to address security incidents when they arise. You will focus on proactive security work integrated directly into our product development process, collaborating with teams to embed security from the beginning. Your contributions will strengthen our compliance posture, maintaining customer trust while supporting innovation.
This role reports directly to the head of SRE, and there is a clear path for growth with the opportunity to have a large impact in our organization.
What you would do:
Product Security Engineering
Proactively engage with product teams and contribute code fixes when necessary
Coordinate security pentesting activities and follow up on findings
Triage and respond to security issues and bug bounty reports
Review security requests for new libraries or vendors
Act as a security advisor for product development
Develop and maintain security tools and alerts
Holistic security responsibilities
Assist in managing and implementing the security aspects of our compliance program
Contribute to answering compliance- and security-related questions from customers (RFIs)
Support and lead vendor security assessments
About you:
Based in the US, Canada, or Europe
5+ years of experience in security engineering roles as an individual contributor
Experience with product security principles and practices
Familiarity with GCP and BigQuery
Strong communication skills and ability to work with cross-functional teams and talk to customers
Self-motivated with excellent organizational and time management skills
Experience managing secrets and tokens in software environments
Nice to have:
Familiarity with the SOC 2 Type 2 compliance requirements and processes
Experience with Wazuh, Trivy, and other OSS security tools
Proficiency in TypeScript and Golang
Startup experience
Growth mindset
Not sure you’re exactly what we’re looking for in this role? Apply anyway!
A highly-skilled, inspiring, and supportive team
Positive, flexible, and trust-based work environment that encourages long-term professional and personal growth
A global, multi-culturally diverse group of colleagues and customers
Comprehensive health plans and perks
A healthy work-life balance that accommodates individual and family needs
Competitive salary and stock options program
Sanity.io is a modern, flexible content operating system that replaces rigid legacy content management systems. One of our big differentiators is treating content as data so that it can be stored in a single source of truth, but seamlessly adapted and personalized for any channel without extra effort. Forward-thinking companies choose Sanity because they can create tailored content authoring experiences, customized workflows, and content models that reflect their business.
Backed by Netlify, Vercel, the founders of Twitter and Medium, Heroku’s ex-CEO, and leading VCs like ICONIQ Growth, Threshold Ventures, and Lead Edge Capital, Sanity is at the epicenter of the modern digital product development stack.
You can only build a great company with a great culture. Read about our values and join us in building a diverse and inclusive team.
Sanity.io pledges to be an organization that reflects the globally diverse audience that our product serves. We believe that in addition to hiring the best talent, a diversity of perspectives, ideas, and cultures leads to the creation of better products and services. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.
Tags: Compliance GCP Golang Heroku Pentesting Product security Security assessment SOC SOC 2 TypeScript Vendor management Vulnerabilities
Perks/benefits: Career development Competitive pay Equity / stock options Startup environment Team events