About Us:
YipitData is the leading market research and analytics firm for the disruptive economy and most recently raised $475M from The Carlyle Group at a valuation of over $1B. Every day, our proprietary technology analyzes billions of alternative data points to uncover actionable insights across sectors like software, AI, cloud, e-commerce, ridesharing, and payments.
Our data and research teams transform raw data into strategic intelligence, delivering accurate, timely, and deeply contextualized analysis that our customers—ranging from the world’s top investment funds to Fortune 500 companies—depend on to drive high-stakes decisions. From sourcing and licensing novel datasets to rigorous analysis and expert narrative framing, our teams ensure clients get not just data, but clarity and confidence.
We operate globally with offices in the US (NYC, Austin, Miami, Mountain View), APAC (Hong Kong, Shanghai, Beijing, Guangzhou, Singapore), and India. Our award-winning, people-centric culture—recognized by Inc. as a Best Workplace for three consecutive years—emphasizes transparency, ownership, and continuous mastery.
What It’s Like to Work at YipitData:
YipitData isn’t a place for coasting, it’s a launchpad for ambitious, impact-driven professionals.
From day one, you’ll take the lead on meaningful work, accelerate your growth, and gain exposure that shapes careers.
Why Top Talent Chooses YipitData:
• Ownership That Matters: You’ll lead high-impact projects with real business outcomes
• Rapid Growth: We compress years of learning into months
• Merit Over Titles: Trust and responsibility are earned through execution, not tenure
• Velocity with Purpose: We move fast, support each other, and aim high—always with purpose and intention
If your ambition is matched by your work ethic—and you're hungry for a place where growth, impact, and ownership are the norm—YipitData might be the opportunity you’ve been waiting for.
About The Role:
We are seeking a Sr. Product Security Engineer to manage the day-to-day execution of the organization's vulnerability management program and provide hands-on support for secure software development lifecycle (SSDLC) and CI/CD security initiatives.
This role works closely with the DevSecOps Lead, Engineering, Platform Team, and Security to ensure vulnerabilities are tracked from discovery through remediation, security controls are functioning as intended, and findings are reported with clear accountability. The Security Operations Engineer translates security requirements into operational workflows, managing intake queues, enforcing SLAs, coordinating remediation with engineering teams, and producing the dashboards and reports that give leadership visibility into security posture.
This is a remote-friendly opportunity that can sit in NYC (where our headquarters is located), one of our office hubs in Austin, Miami, Los Angeles (CA), and Cupertino (CA), or anywhere else in the US. However, depending upon where the remote work is performed, income could be subject to New York State tax withholding.
We expect U.S. based working hours with the majority of the team working East and Central Time Zones.
As Our Sr. Product Security Engineer You Will:
Vulnerability Management Operations
• Own the end-to-end vulnerability lifecycle: intake, triage, assignment, remediation coordination, verification, and closure across all finding sources (dependency scanning, secrets scanning, IaC scanning, container scanning, SAST, DAST, and manual assessments).
• Enforce severity-based SLAs, escalation paths, and ownership expectations. Track remediation timelines and follow up with engineering teams to ensure findings are resolved within policy requirements.
• Aggregate findings centrally from all scanning tools and sources into a unified tracking system. Ensure every finding has a clear owner, status, and target remediation date.
• Manage exception and risk acceptance workflows. Process exception requests, document compensating controls, and ensure approvals are captured with appropriate evidence.
• Produce vulnerability posture reports and dashboards, including aging analysis, SLA compliance, scanner coverage, and trend reporting by severity, team, and business unit.
• Coordinate with engineering teams on remediation prioritization, providing context on severity, exploitability, and business impact to support informed decision-making.
• Drive reduction of aging findings through proactive follow-up, workflow automation, and escalation when remediation stalls.
CI/CD Security Control Support
• Assist the DevSecOps Lead with implementation of baseline security controls such as branch protection, admin enforcement, pull request requirements, review approvals, code owners, secrets scanning, SCA, IaC scanning, and container image scanning.
• Help integrate controls into repositories, CI/CD pipelines, registries, and deployment workflows as directed by the DevSecOps Lead and Platform Team.
• Validate that controls are functioning as intended, producing actionable findings, and are difficult to bypass. Report gaps or misconfigurations to the DevSecOps Lead.
• Assist with onboarding new teams to the secure pipeline by providing hands-on support, troubleshooting, and guidance based on approved templates and reference implementations.
SSDLC Support
• Support the DevSecOps Lead in maintaining and socializing the Secure Software Development Lifecycle policy and implementation guide.
• Help maintain templates, configuration standards, and setup guidance for teams adopting SSDLC controls.
• Assist with reference repository maintenance, ensuring it stays current with approved Phase 1 controls and serves as useful onboarding documentation.
• Participate in office hours, reviews, and implementation support sessions to help business units adopt secure development practices.
Reporting, Metrics, and Audit Support
• Own vulnerability management metrics and reporting, including finding counts by severity, aging, SLA compliance, remediation rates, and scanner coverage.
• Contribute to broader security metrics such as control coverage, adoption rates, and exception tracking as directed by the DevSecOps Lead.
• Prepare audit-ready evidence related to vulnerability management — demonstrating that findings are tracked, SLAs are enforced, and remediation is verified.
• Support the DevSecOps Lead in preparing leadership updates, compliance evidence, and cross-functional communications.
You Are Likely To Succeed If:
• 3–6 years of experience in security operations, vulnerability management, application security, DevSecOps, or a related security engineering role.
• Hands-on experience with vulnerability management workflows — intake, triage, assignment, remediation tracking, and reporting.
• Working knowledge of common scanning tools and finding types, including dependency scanning (SCA), secrets scanning, IaC scanning, container scanning, and/or SAST/DAST.
• Familiarity with Git-based workflows, CI/CD systems, and cloud-native development environments.
• Experience producing security metrics, dashboards, and reports for technical and leadership audiences.
• Strong organizational and follow-through skills — ability to track many findings across multiple teams and drive them to resolution.
• Clear written and verbal communication skills with the ability to coordinate across engineering, security, and business teams.
Preferred Qualifications:
• Experience with vulnerability aggregation platforms or security finding management tools.
• Familiarity with GitHub Enterprise, GitHub Actions, or similar CI/CD platforms.
• Experience supporting SOC 2 or similar audit and compliance requirements, particularly around vulnerability management evidence.
• Exposure to ticketing system integrations (e.g., Jira) for vulnerability assignment and tracking workflows.
• Familiarity with supply chain security concepts including SBOMs, image signing, and artifact integrity.
• Relevant Certifications (preferred, not required): GSEC, Certified DevSecOps Professional (CDP), CISSP, CSSLP, or SSCP
What We Offer:
• We care about your personal life, and we mean it. We offer flexible work hours, flexible vacation, a generous 401K match, parental leave, team events, wellness budget, learning reimbursement, and more!
• Your growth at YipitData is determined by the impact that you are making, not by tenure, unnecessary facetime, or office politics. Everyone at YipitData is empowered to learn, self-improve, and master their skills in an environment focused on ownership, respect, and trust. See more on our high-impact, high-opportunity work environment above!
• The annual on-target earnings for this position are anticipated to be up to $215k - $230k. The final offer may be determined by a number of factors, including, but not limited to, the applicant's experience, knowledge, skills, abilities, as well as internal team benchmarks.
• The compensation package also includes equity.
Please note that for this position, we are not able to consider candidates who currently or in the future will require visa sponsorship.
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal-opportunity employer.
Job Applicant Privacy Notice