ShopBack Group
Tech / AI / Software
ProductSecurityEngineer
Neural analysis suggests this role is
optimal for Mid candidates.
“Product Security Engineer at ShopBack Group. Skills: Product Security, Application Security, Threat Modeling, Secure Design Reviews, Vulnerability Analysis, Secure Code Review, AI Tooling, AI Security Risks. Lead threat modeling and secure design reviews for new products, features, and architectural changes. Conduct secure code reviews and vulnerability analysis across our microservices, APIs, web, and mobile surfaces”
What You'll Achieve.
ship tooling, not just write tickets; produce actionable mitigations, not theoretical lists; focus on high-severity, high-impact findings and are allergic to low-severity noise; know when to push, when to accept a risk, and when to automate a decision; deliver maximum impact
Industry & Context.
identify and prioritizing risks, attack surfaces, and trust boundaries early in the SDLC; identify weak authentication, authorization gaps, data exposure risks, insecure integrations, and systemic issues; prioritizing findings using EPSS, CISA KEV, and business context; driving time-to-remediation through automation and partnership with engineering teams; blast radius analysis, root cause analysis, variant hunting
What They're Looking For.
Must Have
3 to 4 years of hands-on product or application security experience, securing cloud-native, microservices, and mobile applications in production environments, threat modeling skills — practiced with STRIDE, attack trees, or equivalent frameworks, Design review depth — able to read an architecture diagram or PRD and identify weak authentication, authorization gaps, data exposure risks, insecure integrations, and systemic issues, Vulnerability analysis and secure code review — proficient reviewing code (Node. js/TypeScript, Python, Go, or similar) for OWASP Top 10, business logic flaws, authz issues, and supply chain risks, Programming proficiency — at least one of Python, TypeScript/Node. js, or Go, Genuine fluency with modern AI tooling — you use LLMs, coding agents, and MCP-based tooling in your day-to-day security work, and can speak to concrete examples of leverage you've created with them, Understanding of AI/ML security risks — prompt injection, data exfiltration via agents, insecure tool use, model supply chain, and related attack classes, Builder mindset for AI-first security — excited by the idea of architecting security workflows with AI as a first-class capability rather than layering AI on top of existing processes only, Learning to Execution Mentality — With the evolving space of AI, you must keep up with the next-gen technology being released, cutting the noise and clutter, and applying those insights into tooling and processes, Pragmatic and high-signal — you focus on high-severity, high-impact findings and are allergic to low-severity noise, written communication — you can reduce a complex finding to a crisp risk statement, a clear recommendation, and a realistic remediation path for a busy engineering team, Collaborative by default — you drive outcomes through partnership with engineering, not gatekeeping, Comfortable with ambiguity and ownership
Nice to Have
Senior title preferred, Kubernetes a plus
What You'll Do.
Lead threat modeling and secure design reviews for new products
and architectural changes
Conduct secure code reviews and vulnerability analysis across our microservices
Build and evolve AI-powered agentic security tooling
Run and improve ShopBack's vulnerability management program
Support incident response for product security incidents
Partner with compliance on evidence and controls for multiple audits
How You'll Work.
Team & Collaboration
partner directly with engineering, SRE, and platform teams; Partner with engineers to drive remediation and uplift secure coding practices; drive outcomes through partnership with engineering, not gatekeeping; comfortable being the only security voice in a roomful of engineers and earning influence through substance
Communication Scope
written communication — you can reduce a complex finding to a crisp risk statement, a clear recommendation, and a realistic remediation path for a busy engineering team
Full Job Description
## Description Our Journey The ShopBack Group is Asia-Pacific’s leading shopping, rewards, and payments platform, serving over 60 million shoppers across 13 markets. In 2025, the Group continued its global growth with its expansion into North America. Driven by the vision to make every day more rewarding, ShopBack is dedicated to saving members money and time, and delivering delight every day. The platform also enables merchants and brands to engage with their members in a cost-effective manner. Founded in 2014, ShopBack now powers over US$5.5 billion in annual sales for over 20,000 online and in-store partners, and has rewarded shoppers with more than US$800 million (over S$1 billion) in Cashback to date. Through its innovative offerings, ShopBack continues to create value for both members and merchants. Notably, its payment solution, ShopBack Pay, offers members a convenient and rewarding payment option at checkout. About the Role We are hiring a Product Security Engineer to join our small, high-leverage Information Security team. In this hands-on role, you will partner directly with engineering, SRE, and platform teams to build security into every phase of the software development lifecycle from design through production. You will own threat modeling and secure design reviews for new features, lead vulnerability analysis and secure code reviews across our microservices and mobile applications, and help mature our AI-first security toolings. This is a builder role: we expect you to ship tooling, not just write tickets. ## Your Adventure Ahead Lead threat modeling and secure design reviews for new products, features, and architectural changes, identifying and prioritizing risks, attack surfaces, and trust boundaries early in the SDLC. Conduct secure code reviews and vulnerability analysis across our microservices, APIs, web, and mobile surfaces. Partner with engineers to drive remediation and uplift secure coding practices. Build and evolve AI-powered agentic secur
Applying for this Product Security Engineer role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Lever
- Lever uses a streamlined one-page form — apply in under 5 minutes.
- LinkedIn import works well; review parsed data before submitting.
- The cover letter field is optional but visible to reviewers — use it to differentiate.
- Referral codes from employees can significantly boost visibility of your application.
ANONYMOUS · UNFILTERED
What do employees actually say about ShopBack Group?
Real rants from real employees. Read before you apply.