Senior Product Security Engineer

Senior Product Security Engineer – Penetration Testing and AI Security
Engineering & Technology, Kuala Lumpur, Malaysia

About Us:
At Sitecore, our mission is to simplify how brands reach, engage, and serve people by delivering intelligent, personalized digital experiences that connect the world. We empower the world's most iconic brands to build lifelong relationships with their customers—seamlessly, smartly, and at scale.

As the leading provider of agentic digital experience software, Sitecore brings together content, commerce, and data into one composable platform that enables brands to deliver millions of meaningful, adaptive experiences every day. Trusted by global leaders such as American Express, Porsche, Starbucks, and L'Oréal, Sitecore helps brands transform engagement through experiences that are not only personalized but predictive and dynamic.

Our foundation is our people—a diverse, passionate, and collaborative global team spanning over 25 countries. We believe that every experience matters, and that belief starts with how we work together.
Our values
guide how we lead, innovate, and connect. They are the behaviors that bring our mission and vision to life, every day, in every interaction.

As we continue to evolve, we are actively cultivating AI skills across our teams to unlock new levels of creativity, efficiency, and insight. From engineering to customer experience, AI capabilities are becoming integral to how we design, build, and deliver the next generation of digital experiences.

Learn more at

.

About the Role:
As a
Senior Product Security Engineer
with a focus on
Penetration Testing and AI Security
, you will play a critical role in identifying, exploiting, and mitigating vulnerabilities across Sitecore's platforms, infrastructure, and AI-driven features. You will work closely with product engineering teams, cloud operations, and compliance stakeholders to ensure our systems are resilient against evolving threats, including those introduced by AI technologies.

What You'll Do:
Penetration Testing & Vulnerability Assessment

• Perform advanced penetration tests on Sitecore products, services, and cloud environments.
• Simulate real-world attack scenarios to identify weaknesses in applications, APIs, and infrastructure.
• Develop and maintain automated testing frameworks for continuous security validation.

AI Security Testing

• Assess AI/ML models and pipelines for adversarial vulnerabilities, data poisoning, and model inversion risks.
• Evaluate prompt injection, jailbreak attempts, and other LLM-specific attack vectors.
• Collaborate with AI engineering teams to implement robust security controls for AI-driven features.

Security Research & Threat Modelling

• Stay ahead of emerging threats, attack vectors, exploit techniques, including AI-related risks.
• Conduct threat modelling for new features and architectures.

Collaboration & Remediation

• Work with engineering teams to prioritize and remediate vulnerabilities.
• Provide actionable guidance and best practices for secure coding and architecture.

Reporting & Compliance

• Document findings with detailed technical reports and executive summaries.
• Support compliance initiatives (ISO 27001, SOC 2, GDPR) through security testing and evidence collection.

WAF Administration

• Manage and optimize WAF configurations for security and performance.
• Implement and maintain WAF (Web Application Firewall) rules, DDoS protection, and bot mitigation.
• Collaborate with DevOps and infrastructure teams to ensure WAF integration aligns with security architecture.

What You Need to Succeed:

• 8+ years in security engineering with a strong focus on penetration testing.
• Hands-on experience with AI security testing or adversarial ML techniques is a strong plus.
• Expertise in tools such as Burp Suite, Metasploit, Nmap, and custom exploit development.
• Strong knowledge of OWASP Top 10, SANS CWE, and secure coding principles.
• Familiarity with AI/ML frameworks (TensorFlow, PyTorch) and LLM security considerations.
• Cloud security (Azure preferred) and containerized environments (Docker/Kubernetes).
• Comfortable working in a fast-paced, dynamic environment with shifting priorities.

Additional Skills That Could Set You Apart:

• Familiarity with headless CMS architecture, front-end frameworks, and web technologies.
• OSCP, CRTO, GPEN or similar advanced penetration testing certifications.
• AI security certifications or demonstrated research in adversarial ML.
• CISSP or equivalent for broader security knowledge.

Why Sitecore?
At Sitecore, we offer a vibrant work culture, a collaborative environment, and the opportunity to work on products that shape digital experiences globally. We're dedicated to fostering growth, innovation, and a commitment to our employees' professional and personal development. Be part of a visionary, innovation-driven team shaping the next era of AI-powered content management in a leading composable DXP.

Sitecore is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without unlawful regard to race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability, veteran status or any other local legally protected characteristic.

Carmen Cheong