
Senior Product Security Engineer

Job in Charlotte, Mecklenburg County, North Carolina, 28245, USA
Listing for: Credit Karma
Full Time position
Listed on 2026-03-12
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, AI Engineer
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

Intuit Credit Karma is a mission-driven company, focused on championing financial progress for our more than 140 million members globally. While we're best known for pioneering free credit scores, our members turn to us for everything related to their financial goals, including identity monitoring, applying for credit cards, shopping for insurance and loans (car, home and personal) and savings accounts and checking accounts* – all for free.

Credit Karma has grown significantly through the years: we now have more than 1,700 employees across our offices in Oakland, Charlotte, Culver City, San Diego, London, Bangalore, and New York City.

* Banking services provided by MVB Bank, Inc., Member FDIC

We’re hiring a Senior Product Security Engineer to lead the design and deployment of security capabilities across both traditional application security and AI/ML systems. You’ll build and integrate security tooling leveraging open-source and vendor solutions to strengthen our Secure Development Lifecycle and vulnerability reduction efforts (including SAST, DAST, SCA, secrets scanning, and vulnerability management) while also securing the full AI lifecycle: data ingestion, training/fine-tuning, evaluation, model registry, inference, agentic workflows, and MCP servers/tools.

You’ll partner closely with product engineering, ML engineering, and platform teams to implement scalable controls, define standards, and operationalize continuous assurance across apps and AI systems, covering secure coding practices, supply chain integrity, identity and access controls, runtime protections, and AI-specific risks such as model security, prompt/tool safety, and AI pipeline governance.

What You’ll Do
  • Lead security architecture reviews and threat modeling across apps/APIs/cloud and AI/ML systems (agents, MCP servers, tool integrations, orchestration).
  • Implement security controls across the SDLC and AI lifecycle.
  • Build “secure-by-default” automation and guardrails (policy-as-code, CI/CD gates, least privilege/sandboxing, provenance verification).
  • Own and mature SAST/DAST/SCA and vuln management: tool tuning, pipeline integration, triage, remediation workflows, metrics/SLAs.
  • Evaluate and integrate OSS/vendor AppSec and AI security tooling (scanning, secrets, prompt safety, agent runtime monitoring, data leakage controls).
  • Deliver reusable secure patterns/SDKs and partner with platform teams on runtime hardening (IAM, secrets, Kubernetes, logging/monitoring, isolation).
  • Automate testing for OWASP and AI-specific risks; integrate into release gates and continuous monitoring.
  • Define standards aligned with enterprise policy and AISPM-style practices; enable teams and communicate risk/roadmaps to leadership.

What We’re Looking For
  • 6+ years in product/application security in large-scale systems.
  • Demonstrated experience building or operationalizing security tooling (CI/CD integrations, scanners, policy engines, security automation, detection/monitoring).
  • Strong foundation in security architecture, design reviews, and threat modeling for modern cloud-native systems.
  • Practical understanding of AI/ML systems and workflows: model development lifecycle, model registry/deployments, evals, vector databases/RAG, and agent frameworks.
  • Deep familiarity with common software vulnerabilities (OWASP Top 10) and modern cloud threats; strong ability to communicate risk to engineers.
  • Ability to collaborate with software engineers and ML engineers—meeting business goals while enforcing security requirements.
  • Experience applying security and compliance frameworks (examples: NIST, ISO 27001/27002 concepts, SOC2 controls, OAuth/OIDC, PCI where relevant).
  • Proficiency in one or more: Python, Go, Java, TypeScript/Node, Rust, Scala.

What Would Be Great to See
  • Hands-on experience securing agentic workflows, tool calling, function execution, and MCP servers (or similar tool/plugin servers).
  • Experience with LLM platforms and deployments (e.g., GPT, Gemini, Claude, Llama) and associated security risks and mitigations.
  • Familiarity with AI threat landscape and testing approaches: prompt injection (direct/indirect), tool injection, RAG poisoning, data leakage, jailbreaks, model…
Position Requirements
10+ Years work experience