Edtech.com's Summary

Grammarly is hiring a Lead Product Security Engineer to guide technical security strategies across multiple product lines. This role requires collaborating closely with product engineering teams to embed security throughout the software development lifecycle, developing security solutions, and advancing security tools and programs to protect user data and maintain trust.

Highlights

Lead the technical direction and prioritization for the Product Security team managing three product lines.
Collaborate with engineering teams to perform threat modeling, design reviews, secure code reviews, and manual vulnerability testing.
Develop and implement end-to-end security solutions across Grammarly's products.
Improve security tooling, automation, and oversee bug bounty programs.
Experiment with AI-based tools to accelerate security processes.
Engage with stakeholders to communicate security risks and maintain customer data security.
Require 7+ years experience securing applications at scale and familiarity with secure SDLC practices.
Knowledge of Product Security tools including SAST, DAST, and SCA, and programming skills in languages like Java, Python, JavaScript, or Go.
Experience managing vulnerability disclosure and participating in bug bounty platforms such as HackerOne or Bugcrowd.
Compensation in the U.S. ranges from $300,000 to $400,000 annually depending on location, with comprehensive health benefits, paid leave, and professional development opportunities.

Lead Product Security Engineer Full Description

Grammarly offers a dynamic hybrid working model for this role. This flexible approach gives team members the best of both worlds: plenty of focus time along with in-person collaboration that helps foster trust, innovation, and a strong team culture.

About Grammarly

Grammarly is the trusted AI assistant for communication and productivity, helping over 40 million people and 50,000 organizations do their best work. Companies like Atlassian, Databricks, and Zoom rely on Grammarly to brainstorm, compose, and enhance communication that moves work forward. Grammarly works where you work, integrating seamlessly with over 500,000 applications and websites. Founded in 2009, Grammarly is No. 7 on the Forbes Cloud 100, one of TIME’s 100 Most Influential Companies, one of Fast Company’s Most Innovative Companies in AI, and one of Inc.’s Best Workplaces.

The Opportunity

To achieve our ambitious goals, we’re looking for a Security Engineer to join our Product Security team. Our commitment to user trust is unwavering, and this new team member will play a crucial role in maintaining the trust of millions of users who rely on our products. You will work alongside our product engineering teams, building security into the product from the design phase and throughout the product development lifecycle.

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. You can hear more from our team on our technical blog.

As a Security Engineer in Product Security, you will:

Set the technical direction and prioritization for a Product Security team covering three separate product lines.
Collaborate with Product Engineering teams throughout the SDLC, creating Threat Models, conducting Design Reviews, Secure Code Reviews, and manual testing to identify vulnerabilities.
Develop and implement end-to-end security solutions to mitigate security risks in our suite of products.
Help drive improvements across our Product Security tooling, automation, and bug bounty program.
Experiment with and develop AI-based tools to enable the Security team to move even faster.
Be the voice of our customers, actively engaging stakeholders across engineering teams, communicating security risks and trade-offs while keeping customer data secure.

Qualifications

Has 7+ years of relevant experience in securing applications at scale.
Experience working at each touch-point in a secure SDLC: threat modeling, design reviews, secure code reviews, and web app pentesting.
Familiarity with the standard Product Security tool suite: SAST, DAST, and SCA.
Software engineering or programming experience in at least one language, such as Java, Python, JavaScript, or Go.
Experience managing vulnerability disclosure programs or conducting security research on bug bounty platforms such as HackerOne or Bugcrowd.
The ability to think like an adversary to identify risk, and then build like an engineer to mitigate those risks.
Excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
Has a demonstrated ability to work independently with minimal guidance, proactively manages tasks and priorities across multiple projects, analyzes and executes work efficiently, collaborates effectively with cross-functional teams, and thrives in fast-paced, results-driven environments.
Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
Is inspired by our MOVE principles: move fast and learn faster; obsess about creating customer value; value impact over activity; and embrace healthy disagreement rooted in trust.

Compensation and Benefits

Grammarly offers all team members competitive pay along with a benefits package encompassing the following and more:

Excellent health care (including a wide range of medical, dental, vision, mental health, and fertility benefits)
Disability and life insurance options
401(k) and RRSP matching
Paid parental leave
20 days of paid time off per year, 12 days of paid holidays per year, two floating holidays per year, and flexible sick time
Generous stipends (including those for caregiving, pet care, wellness, your home office, and more)
Annual professional development budget and opportunities

Grammarly takes a market-based approach to compensation, which means base pay may vary depending on your location. Our US locations are categorized into two compensation zones based on proximity to our hub locations.

Base pay may vary considerably depending on job-related knowledge, skills, and experience. The expected salary ranges for this position are outlined below by compensation zone and may be modified in the future.

United States:

Zone 1: $300,000 – $400,000/year (USD)

We encourage you to apply

At Grammarly, we value our differences, and we encourage all to apply—especially those whose identities are traditionally underrepresented in tech organizations. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, ancestry, national origin, citizenship, age, marital status, veteran status, disability status, political belief, or any other characteristic protected by law. Grammarly is an equal opportunity employer and a participant in the US federal E-Verify program (US). We also abide by the Employment Equity Act (Canada).

#LI-Hybrid

Original Job Description

About Grammarly

The Opportunity

As a Security Engineer in Product Security, you will:

Set the technical direction and prioritization for a Product Security team covering three separate product lines.
Collaborate with Product Engineering teams throughout the SDLC, creating Threat Models, conducting Design Reviews, Secure Code Reviews, and manual testing to identify vulnerabilities.
Develop and implement end-to-end security solutions to mitigate security risks in our suite of products.
Help drive improvements across our Product Security tooling, automation, and bug bounty program.
Experiment with and develop AI-based tools to enable the Security team to move even faster.
Be the voice of our customers, actively engaging stakeholders across engineering teams, communicating security risks and trade-offs while keeping customer data secure.

Qualifications

Has 7+ years of relevant experience in securing applications at scale.
Experience working at each touch-point in a secure SDLC: threat modeling, design reviews, secure code reviews, and web app pentesting.
Familiarity with the standard Product Security tool suite: SAST, DAST, and SCA.
Software engineering or programming experience in at least one language, such as Java, Python, JavaScript, or Go.
Experience managing vulnerability disclosure programs or conducting security research on bug bounty platforms such as HackerOne or Bugcrowd.
The ability to think like an adversary to identify risk, and then build like an engineer to mitigate those risks.
Excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
Has a demonstrated ability to work independently with minimal guidance, proactively manages tasks and priorities across multiple projects, analyzes and executes work efficiently, collaborates effectively with cross-functional teams, and thrives in fast-paced, results-driven environments.
Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
Is inspired by our MOVE principles: move fast and learn faster; obsess about creating customer value; value impact over activity; and embrace healthy disagreement rooted in trust.

Compensation and Benefits

Grammarly offers all team members competitive pay along with a benefits package encompassing the following and more:

Excellent health care (including a wide range of medical, dental, vision, mental health, and fertility benefits)
Disability and life insurance options
401(k) and RRSP matching
Paid parental leave
20 days of paid time off per year, 12 days of paid holidays per year, two floating holidays per year, and flexible sick time
Generous stipends (including those for caregiving, pet care, wellness, your home office, and more)
Annual professional development budget and opportunities

United States:

Zone 1: $300,000 – $400,000/year (USD)

We encourage you to apply

#LI-Hybrid

Let me find your next job.

Thanks - you're signed up.

Lead Product Security Engineer

Edtech.com's Summary

Lead Product Security Engineer Full Description

Program Coordinator I

SEN SOC Supervisor

IT Security Auditor

Application Security Manager (Technical Lead)

Application Security Manager (Technical Lead)