Sanity is seeking a Senior Product Security Engineer who can balance hands-on security work with holistic product security responsibilities. This role will be instrumental in strengthening and developing our security posture while also supporting compliance initiatives and vendor management. The ideal candidate will have strong technical security skills and the ability to manage programs across security, compliance, and vendor ecosystems.

Joining our security team means becoming part of something bigger than just fixing vulnerabilities or reviewing code. You will be empowering creators, developers, and businesses to focus on what they do best while you handle the invisible shield that protects their digital assets. We believe security should enable innovation rather than hinder it, and we're looking for someone who shares our passion for building secure systems that help our customers shine in the digital world.

About the role:

As a Senior Product Security Engineer at Sanity, you will directly strengthen our product security through hands-on security work. You will also manage critical compliance requirements and vendor security assessments. This role has the potential to make tangible improvements to our products, with company-wide impact.

This is not a Security Operations Center (SOC) role and does not require on-call, though your participation will be expected in order to address security incidents when they arise. You will focus on proactive security work integrated directly into our product development process, collaborating with teams to embed security from the beginning. Your contributions will strengthen our compliance posture, maintaining customer trust while supporting innovation.

This role reports directly to the head of SRE, and there is a clear path for growth with the opportunity to have a large impact in our organization.

What you would do:

Product Security Engineering

  • Proactively engage with product teams and contribute code fixes when necessary
  • Coordinate security pentesting activities and follow up on findings
  • Triage and respond to security issues and bug bounty reports
  • Review security requests for new libraries or vendors
  • Act as a security advisor for product development
  • Develop and maintain security tools and alerts

Holistic security responsibilities

  • Assist in managing and implementing the security aspects of our compliance program
  • Contribute to answering compliance and security-related questions from customers (RFIs)
  • Support and lead vendor security assessments

About you:

  • Based in the US, Canada, or Europe
  • 5+ years of experience in security engineering roles as an individual contributor
  • Experience with product security principles and practices
  • Familiarity with GCP and BigQuery
  • Strong communication skills and ability to work with cross-functional teams and talk to customers
  • Self-motivated with excellent organizational and time management skills
  • Experience managing secrets and tokens in software environments

Nice to have:

  • Familiarity with the SOC 2 Type 2 compliance requirements and processes
  • Experience with Wazuh, Trivy, and other OSS security tools
  • Proficiency in TypeScript and Golang
  • Startup experience
  • Growth mindset

Not sure you’re exactly what we’re looking for in this role? Apply anyway!

What we can offer:

  • A highly skilled, inspiring, and supportive team
  • Positive, flexible, and trust-based work environment that encourages long-term professional and personal growth
  • A global, multi-culturally diverse group of colleagues and customers
  • Comprehensive health plans and perks
  • A healthy work-life balance that accommodates individual and family needs
  • Competitive salary and stock options program