Staff Product Security Engineer

About the Role

The role of a Staff Product Security Engineer is multifaceted, requiring a deep understanding of software engineering, product security, and the ability to communicate complex technical details to both engineers and leadership. You will work closely with cross-functional teams, including engineering, product, and design, to identify and mitigate security risks. Your expertise will help drive the adoption of secure development practices and ensure that security is integrated into every stage of the product development lifecycle.

Reddit is committed to fostering a culture of security and trust, and this role is central to that effort. As a Staff Product Security Engineer, you will have the opportunity to make a significant impact on the company's security posture and contribute to the development of a more secure and trustworthy online community.

What You Will Do

• Build and evolve secure frameworks, guardrails, and library-level controls that make common vulnerability classes harder to introduce
• Design security controls for AI-assisted development, including reusable rule packs and skills that shape how engineers and coding agents generate, review, and ship code
• Embed security into the workflows engineers already use, ensuring that security is an integral part of the development process
• Drive product security reviews for new launches and major architectural changes, providing expert guidance and oversight
• Identify and eliminate systemic security debt, ensuring that security risks are addressed proactively
• Shape strategy, influence architecture, and drive execution across teams, collaborating with stakeholders to ensure security is a top priority
• Develop and maintain relationships with key stakeholders, including engineers, product managers, and designers, to ensure security is integrated into every stage of the product development lifecycle
• Stay up-to-date with emerging security threats and technologies, applying this knowledge to improve Reddit's security posture
• Collaborate with the security team to develop and implement security policies, procedures, and standards

What We Are Looking For

• 8+ years of experience in software engineering, product security, or application security, with at least 2 years operating at a staff level of scope and impact
• Proficiency in one or more languages, including Go, Python, or JavaScript
• Experience designing, building, and operating production-quality systems and developer-facing platforms
• Experience building secure frameworks, libraries, or guardrails that improve security across many teams at once
• Demonstrated ability to integrate security into developer workflows, including CI/CD, code review, release processes, and internal platforms
• Clear communicator who can explain technical detail and business impact to both engineers and leadership
• Comfortable in fast-moving environments where AI-assisted development is reshaping how software is built and reviewed
• Experience with vulnerability discovery and remediation pipelines, including bug bounty or researcher-reported findings
• Track record of mentoring engineers and raising the technical bar across a security or platform engineering organization

Nice to Have

• Experience securing AI and machine learning systems
• Knowledge of containerization and orchestration technologies, such as Docker and Kubernetes
• Familiarity with cloud-based security services and platforms, including AWS or Google Cloud
• Experience with security information and event management (SIEM) systems

Benefits and Perks

• Competitive salary and equity package
• Comprehensive health, dental, and vision insurance
• Flexible paid time off and holidays
• Remote work stipend and equipment allowance
• Professional development opportunities, including conference attendance and training
• Access to Reddit's internal learning and development platforms
• Collaboration with a talented and passionate team of engineers and security experts

• Demonstrate your ability to communicate complex technical details to both engineers and leadership, highlighting your experience with security frameworks and workflows.
• Showcase your proficiency in one or more programming languages, including Go, Python, or JavaScript, and highlight your experience with secure development practices.
• Emphasize your experience with vulnerability discovery and remediation pipelines, including bug bounty or researcher-reported findings, and your ability to identify and eliminate systemic security debt.
• Be prepared to discuss your experience with AI-assisted development and how you have integrated security into developer workflows, including CI/CD, code review, release processes, and internal platforms.
• Highlight your ability to collaborate with cross-functional teams, including engineering, product, and design, and demonstrate your understanding of the importance of security in the product development lifecycle.
• Prepare examples of your experience with security information and event management (SIEM) systems and your knowledge of cloud-based security services and platforms.
• Research Reddit's company culture and values, and be prepared to discuss how your skills and experience align with their mission and goals.