Cybersecurity Engineer II, Product Security (REMOTE)
With a career at The Home Depot, you can be yourself and also be part of something bigger.
Position Purpose:
As a Product Security Engineer, you will act as a dedicated security partner for a specific business portfolio. You won’t just be finding bugs; you will be building a "Secure Flow" (paved path) that integrates security directly into the developer workflow. You will lead a portfolio to establish a scalable operating model, ensuring that every application—whether in-house, SaaS, or COTS—is visible, assessed, and secured.
Key Responsibilities:
- 100% Deliver Execution & Problem Solving - Collaborate with Enterprise Technology to configure and integrate cybersecurity systems that mitigate risk; Troubleshoot and quickly resolve escalated incidents; Design, build, configure, maintain, monitor cybersecurity threat defense capabilities and user access management; Coordinate integration and collaboration with managed security providers; Investigate and recommend corrective actions related to incidents
Direct Manager/Direct Reports:
- This position typically reports to Manager or Sr. Manager
- This position has 0 Direct Reports
Travel Requirements:
- No travel required.
Physical Requirements:
- Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
Working Conditions:
- Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Minimum Qualifications:
- Must be eighteen years of age or older.
- Must be legally permitted to work in the United States.
- 3–5 years of experience in Product Security, Application Security (AppSec), or DevSecOps.
- Hands-on experience integrating and managing security scanning tools such as SAST, DAST, and secret scanning within CI/CD pipelines and source code repositories.
- Experience conducting threat modeling for applications and identifying design-level security risks.
- Ability to interpret security tool findings and partner with engineering teams to remediate Critical and High-risk vulnerabilities.
- Strong communication skills with the ability to clearly explain technical security risks to non-security stakeholders.
Preferred Qualifications
- Experience with SaaS Security Posture Management (SSPM) tools and validating security coverage across a SaaS application portfolio.
- Proficiency with formal threat modeling methodologies such as STRIDE, PASTA, or similar frameworks.
- Experience working closely with architects and engineering leaders to influence secure design decisions early in the development lifecycle.
- Demonstrated ability to build trusted relationships with engineering and product stakeholders and promote a “Secure from Start” mindset.
- Experience maintaining security metrics or scorecards and presenting security posture and remediation progress to leadership or portfolio stakeholders.
- Strong ability to position security as an enabler of developer velocity and business outcomes, not just risk reduction.
Minimum Education:
- The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.
Preferred Education:
- No additional education
Minimum Years of Work Experience:
- 2
Preferred Years of Work Experience:
- No additional years of experience
Minimum Leadership Experience:
- None
Preferred Leadership Experience:
- None
Certifications:
- None
Competencies:
- Action Oriented
- Collaborates
- Communicates Effectively
- Customer Focus
- Drives Results
For California, Colorado, Connecticut, Rhode Island, Nevada, New York City, Ithaca (NY), Westchester County (NY), and Washington residents: