Job Description
Benefits:
Competitive salary
About the Role
Location: Fully Remote (U.S.)
Start Date: ASAP
Compensation: Competitive / Market Rate
SMART TECH SKILLS is seeking a Product & Data Security Engineer to help embed Secure-by-Design and Privacy-by-Design principles directly into the software development lifecycle (SDLC).
In this role, you will work closely with engineering teams to automate application security and data protection controls through code, ensuring security guardrails are enforced consistently via CI/CD pipelines and Git-based workflows. The environment is Azure-native, fully automated, and operates under a GitOps model, with no manual configuration or console-based security controls.
This is a hands-on engineering role for someone who enjoys building scalable security platforms, tooling, and guardrails that developers use by default.
Key Responsibilities
Secure SDLC Automation
Design, implement, and maintain automated SAST, SCA, and API security pipelines using GitHub Actions or equivalent CI/CD tooling
Implement policy-as-code security gates to prevent insecure code from being merged or released
Ensure security controls are enforced automatically throughout the SDLC
Data Loss Prevention (DLP) & Privacy
Implement source-level detection of PHI, PII, and secrets within CI/CD pipelines
Leverage regex-based and ML-based classifiers to identify sensitive data
Prevent sensitive data from entering source code repositories or build artifacts
API & Transport Security
Define and enforce Layer 7 security standards, including:
TLS 1.3 and HSTS
OAuth 2.0 / OIDC authentication flows
Secure JWT lifecycle management
Implement and enforce OpenAPI validation and linting policies
Data Protection Engineering
Develop reusable, secure-by-default libraries for:
Application-layer encryption
Tokenization
Data redaction and masking
Enable development teams with secure tooling that minimizes friction
Software Supply Chain Security
Generate Software Bills of Materials (SBOMs) for every build
Sign and attest to build artifacts
Enforce artifact provenance and integrity verification through CI/CD pipelines
Required Qualifications
5+ years of experience in Application Security, Product Security, or Software Engineering
Strong hands-on experience with CI/CD security automation
Experience using GitHub Actions or comparable CI/CD platforms
Proven experience implementing secret detection and DLP tooling
Solid understanding of API security, OAuth 2.0, and OIDC frameworks
Strong programming skills in Python, Go, or TypeScript
Preferred Qualifications
Experience building security automation in GitOps-based environments
Azure-native cloud security experience
Experience designing or implementing secure development frameworks for enterprise applications
Familiarity with AI-assisted or developer productivity security workflows
Success Metrics
90%+ of repositories protected by automated DLP and secret scanning
100% API compliance with standardized authentication and security patterns
Significant reduction in high and critical application-layer vulnerabilities
Why Join SMART TECH SKILLS
Work on modern, cloud-native security challenges at scale
Build security platforms that directly enable and protect developers
Collaborate with engineering teams focused on automation and quality
Fully remote role with long-term growth potential
This is a remote position.
Permanent