[Hiring] Product Security Engineer @LaunchDarkly

Role Description

LaunchDarkly's Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. You'll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.

LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You'll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.

You'll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team's plate and make our coverage deeper.

Responsibilities

• Lead threat modeling engagements on the features and services where the risk warrants it.
• Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
• Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
• Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
• Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
• Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.
• Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.

Qualifications

• 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.
• Comfortable reading and critiquing pull requests in a modern stack. You don't need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.
• Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
• Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
• Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
• Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.

Nice to Haves

• Experience with developer tools, SaaS platforms, or feature management.
• Bug bounty triage experience (HackerOne, Bugcrowd).
• Familiarity with Go, Python, or TypeScript.
• Contributions to internal security tooling or open-source security projects.

Pay

• Zone 1: San Francisco/Bay Area or NYC Metropolitan Area, Boston, Seattle - $136,000 - $187,000
• Zone 2: Irvine, LA, Monterey, Santa Barbara, Santa Rosa, Austin, Portland, Philadelphia, Chicago - $122,000 - $168,000
• Zone 3: All other US locations - $116,000 - $159,000

LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.

Company Description

Modern software delivery was supposed to be the foundation for a thriving digital business but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong.

• Improving the velocity and stability of software releases, without the fear of end customer outages.
• Delivering targeted experiences by easily personalizing features to customer cohorts.
• Maximizing the business impact of every feature through the ability to experiment and optimize.
• Coordinating the release and optimization of software to provide consistent experiences across mobile platforms and device types.
• Improving the effectiveness and productivity of engineering teams, by providing insights into engineering cadence and stability.

At LaunchDarkly, we believe in the power of teams. We're building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company.