Who We Are MAS Global Consulting is a U.S.-based software engineering, data, and AI solutions firm known for combining engineering excellence, agility, and purpose. We partner with innovative companies to build secure, scalable, and high-impact technology platforms while fostering a people-first culture where talent can thrive. At MAS Global, we value ownership, collaboration, and continuous improvement. Our teams work on complex, real-world challenges and play a critical role in shaping secure, modern digital products used at scale. Who You Are You are a Product Security Engineer who is passionate about building secure systems from the ground up. You think proactively about risk, enjoy collaborating with product and engineering teams, and believe security should be embedded throughout the entire development lifecycle—not added at the end. You are comfortable reviewing architecture and code, conducting threat modeling, advising on secure design decisions, and driving security improvements across multiple teams. You enjoy breaking down complex problems, automating where possible, and influencing teams through both technical expertise and clear communication. Soft Skills You Bring: + Strong communication + Problem-solving mindset + Analytical thinking + Proactivity + Attention to detail + Adaptability + Ability to work cross-functionally + Ownership and accountability What You’ll Do + Own and evolve the third-party security review process, ensuring vendor implementations meet security standards. + Analyze and document data flows between internal systems and third parties; identify risks related to data access, fields, and handling, and drive remediation efforts. + Partner closely with product and engineering teams to ensure security is embedded across the entire product development lifecycle. + Conduct threat modeling sessions to identify, document, and mitigate product risks. + Review product architectures to ensure systems are designed and implemented securely. + Identify opportunities to automate security processes and improve efficiency. + Assist product teams in creating security-focused test cases to enforce security requirements. + Advise teams early in the development lifecycle on business and technical security requirements. + Review and analyze source code to identify vulnerabilities and recommend secure implementations. + Identify emerging classes of vulnerabilities and proactively design solutions before they become issues. + Decompose large, cross-team security initiatives into actionable tasks, manage scope, and drive projects to completion. + Act as a security advocate, representing security practices internally and, when appropriate, externally. What You BringRequired Experience What You Bring + 8+ years of experience in security engineering with a strong blue team / product security focus. + Proven experience with threat modeling for complex, distributed systems, including system integrations, authentication and authorization (SAML, OAuth2), and data flow analysis. + Deep understanding of web application architecture, secure design principles, and common vulnerabilities and mitigations (OWASP, SANS). + Experience securing cloud-based services and working in PCI or other regulated environments. + Experience with Python, Java, AWS, or Azure, and understanding of CI/CD processes from a security perspective. + Strong organizational skills managing cross-team security initiatives. + Bachelor’s degree in a related field or equivalent experience. + English proficiency at B2 level or higher. Preferred Experience + Experience with third-party/vendor security reviews. + Familiarity with common vulnerability classes and mitigation strategies. + Experience automating security workflows or controls. + Background working in cross-team, large-scale engineering environments. + Experience influencing security practices through documentation, guidance, and enablement rather than enforcement alone. Powered by JazzHR