• Remote



Company Overview

GRIN is the pioneer behind the world’s first Creator Management platform, designed for the next generation of brands who recognize that, in the creator economy, authenticity is everything. Our platform supports every brand’s journey to connecting with consumers through authentic creator relationships and is listed #1 across all top review sites including Capterra, G2 Crowd and Influencer Marketing Hub. Thousands of the world’s fastest-growing brands – including SKIMS, Warby Parker, Allbirds, Mejuri, and MVMT – use GRIN to make creators feel like trusted, empowered partners and work with them to build their brands into household names. Together, we are revolutionizing the Creator Economy. GRIN is headquartered in Sacramento, CA, yet has a “Remote First” work policy and culture, meaning remote work is the default. Our Core Business Hours are 9am-3pm PST, so we expect all of our employees to work at least during those hours and are flexible on the rest of your hours.


Our culture is a team-first mentality built on the Core Values of Integrity, Humility, Take Action, Think Big, and Ownership, shared by every single employee. At GRIN, we expect everyone to do the right thing, which instills trust and allows us to tackle the big issues and make things happen. We move fast, because in our industry, time is our biggest opponent. We aren’t afraid to ship quickly and make changes down the road. We empower our employees to make decisions with no red tape and no fear of reprisal, as long as they take ownership and adapt along the way.


GRIN is seeking a Product Security Engineer to cultivate a security-first mindset within our engineering organization. As a Product Security Engineer at GRIN, you’ll partner with our DevOps, Engineering, and Development teams to engineer, develop, build, manage, maintain and implement secure solutions from the ground up. You will drive the development and adoption of application security standards, best practices and technologies within GRIN’s products and cloud infrastructure to ensure that the GRIN solution is highly secure and complies with industry standards and regulations.

To be successful in this role, you should have knowledge gained from securing a SaaS on AWS, with breadth and depth in the latest application security best practices, tactics, tests, & solutions. You should also have experience with, and enjoy, enabling developers to deliver secure code, DevSecOps & ultimately a resilient, secure SaaS.

We are a fast-paced, fun organization going through rapid growth and solving technical challenges at an exponential scale. This is a rare opportunity to join a high-growth startup and have a career-changing impact on an ambitious tech startup.

What You’ll Do:

  • Drive the development and adoption of application security standards, best practices and technologies within GRIN’s products and cloud infrastructure to enable security and privacy by design and ultimately a highly secure and compliant SaaS
  • Enable DevSecOps at GRIN by working with Engineering Operations, Site Reliability Engineering, & Product Engineering teams to implement & maintain application security throughout the SDLC & into the GRIN Platform
  • Collaborate with Product Management & Engineering on security-related features & functionality in the GRIN Platform
  • Perform architecture and product design reviews, cloud security application assessments, and application threat modeling throughout the GRIN organization and software development lifecycle
  • Contribute to the development & maturity of the application & infrastructure secure reference architecture.
  • Champion the GRIN secure SDLC. This includes security testing, penetration testing, & identifying & remediating vulnerabilities in software, applications & cloud environments.
  • Act as a ‘security consultant’ & ‘trusted advisor’ throughout the organization, but especially to software architects and engineers, proactively making recommendations around secure software development and secure coding practices to integrate secure by design principles.
  • Provide Application Security Education & Enablement to developers on software security best practices – teaching them to build, break & remediate all with security & privacy by default.

What You’ll Bring:

  • 4+ years of experience as a product security engineer or application security engineer working with high growth organizations, large scale distributed systems & teams; preferably in a SaaS environment.
  • 2+ years of software development experience
    • PHP preferred
  • Experience with implementing application security testing throughout the SDLC for an agile engineering organization.
  • Experience with securing full stack for a SaaS.
  • OWASP top 10 expert – for Web Applications & APIs
  • Experience with developing cloud native application security solutions, securing Infrastructure as Code, API security, SaaS vulnerability research, and penetration testing cloud architectures/applications.
  • Excellent communication skills, both verbal and written; ability to condense complex information into simple language for the appropriate audience.

We recognize the imposter syndrome might show its head as you read through this job description and although you might not check every box, we don’t want to miss out on the possibility of speaking with a perfectly imperfect candidate. So if you think you have what it takes – apply today and let’s discuss!


  • Competitive salary
  • 16 days of PTO + 10 Sick Days + 14 paid holidays
  • Medical, Dental and Vision insurance
  • 401(k) program plus match
  • Paid Child Bonding Leave
  • Home Office set up
  • Career Development Reimbursement
  • Employee Stock Option Program
  • Career path opportunities in a great startup environment
  • Tons of growth opportunity

To apply for this job please visit grin.co.