Staff Product Security Engineer - Customer Platform at Valon

ABOUT THE COMPANY Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate. Rather than build on top of broken legacy systems, we took a different approach: we built and operate our own mortgage servicing business managing $110+ billion in loans. This wasn't the end goal, it was how we deeply understood the complexity needed to build software that actually works in regulated industries. The results speak for themselves. We've transformed mortgage servicing from a 0% margin business into 60%+ margins while dramatically improving customer experience. Major enterprise contracts are now deploying across the industry. ValonOS is our unified platform that makes every process structured and programmable and it is perfectly positioned for the AI era. When everything flows through one system with rich data, AI agents don't just automate tasks, they continuously improve entire operations. Mortgage servicing is just the beginning of our vision to transform regulated industries and beyond. Security at Valon Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans. In addition to protecting Valon’s internal systems, the Security team partners closely with Product and Engineering to design and deliver secure, scalable, and trustworthy capabilities for ValonOS. We work cross-functionally across all teams at Valon to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture. Valon offices are located in New York City and San Francisco, but we fully support remote work! About the Role We are seeking a seasoned and highly skilled Staff Product Security Engineer - Customer Platform to join our growing team! As a key security member at Valon, you will play a critical role in ensuring the security of our organization's systems, cloud infrastructure, products, and data. This role blends product security architecture and technical control implementation, incorporating security by design into ValonOS. You will be hands-on and help shape how security is designed, built, and scaled across our SaaS platform both in foundational infrastructure and in customer-facing security features. Responsibilities - Define and evolve product security architecture and strategy for Valon’s multi-tenant SaaS platform - Architect and guide secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management) - Build and maintain security reference architectures and standardized secure design patterns for product teams - Lead threat modeling, security design and code reviews for new features, services, and major architectural changes - Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks - Support vulnerability triage, remediation strategy, and root cause analysis for product security issues - Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence - Develop, implement, and enforce security policies, standards, and procedures - Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes Ideal Background - Extensive experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilities. - Strong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred). - Proven experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs). - Expertise in designing secure platform controls (e.g., APIs, service-to-service auth, encryption/KMS/CMEK, logging/monitoring) - Demonstrated ability to build and maintain security reference architectures. - Expert-level experience leading threat modeling and security design reviews including security-focused code reviews. - Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts) - Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independently. - Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders. - Prior software engineering experience and/or coding ability (Python) is preferred. - Experience working in high-growth or startup environments is a plus. Minimum Qualifications - 8+ years in progressive senior security engineering or architect level roles, with 3+ years leading security design for enterprise-grade cloud and SaaS platforms - Bachelor's degree in Information Security, Computer Science, Technology or related field - Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar) - Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others) - Hands-on experience with modern security technologies and tooling across cloud and application security Benefits - Base Compensation Band: $190K - $260K. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills - This Base Compensation pay range applies to our New York City located staff and may differ according to location. - Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan - Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits - Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient - Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback - Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners! - Generous time off: Flexible paid time off, sick days, and 11 company holidays - Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition Throughout the interview process, please remember that emails will only be from valon.com [Upgrade to PRO to see link] email addresses. We will never ask for any personally identifiable information during the interview process itself. Please reach out to [Upgrade to PRO to see contact] if you have any requests to verify the authenticity of an outreach. Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.