Product & Data Security Engineer (AppSec, DLP & Privacy)

About this role

Benefits:

• Competitive salary

About the Role

Location: Fully Remote (U.S.)
Start Date: ASAP
Compensation: Competitive / Market Rate

SMART TECH SKILLS is seeking a Product & Data Security Engineer to help embed Secure-by-Design and Privacy-by-Design principles directly into the software development lifecycle (SDLC).

In this role, you will work closely with engineering teams to automate application security and data protection controls through code, ensuring security guardrails are enforced consistently via CI/CD pipelines and Git-based workflows. The environment is Azure-native, fully automated, and operates under a GitOps model—with no manual configuration or console-based security controls.

This is a hands-on engineering role for someone who enjoys building scalable security platforms, tooling, and guardrails that developers use by default.

Key Responsibilities

Secure SDLC Automation

• Design, implement, and maintain automated **SAST, SCA, and API security pipelines** using GitHub Actions or equivalent CI/CD tooling
• Implement **policy-as-code** security gates to prevent insecure code from being merged or released
• Ensure security controls are enforced automatically throughout the SDLC

Data Loss Prevention (DLP) & Privacy

• Implement **source-level detection of PHI, PII, and secrets** within CI/CD pipelines
• Leverage regex-based and ML-based classifiers to identify sensitive data
• Prevent sensitive data from entering source code repositories or build artifacts

API & Transport Security

- Define and enforce Layer 7 security standards, including:
- TLS 1.3 and HSTS
- OAuth 2.0 / OIDC authentication flows
- Secure JWT lifecycle management
- Implement and enforce OpenAPI validation and linting policies

Data Protection Engineering

- Develop reusable, secure-by-default libraries for:
- Application-layer encryption
- Tokenization
- Data redaction and masking
- Enable development...