Product Security Engineer – Devsecops
About the Role
Adobe's Product and Software Security Team is seeking a Security Engineer with deep penetration testing expertise and a strong DevSecOps background to drive both hands-on Adversarial testing and the integration of security across Adobe's software development lifecycle. The role spans security assessments of web, mobile, and desktop applications, cloud environments, AI/LLM systems, and supporting infrastructure, alongside building and operating the security guardrails embedded into CI/CD pipelines.
The successful candidate will lead end-to-end engagements, deliver findings with clear risk assessments and actionable remediation, and partner with engineering teams to ship secure-by-default software at scale.
What You’ll Do Conduct penetration tests on AI/LLM systems (prompt injection, model poisoning, jailbreaks, etc.), web applications, APIs, mobile apps, cloud infrastructure, containers, and supporting infrastructure. Identify and exploit vulnerabilities including authentication/authorization flaws, business logic issues, injection, SSRF, deserialization, and chained attacks. Embed security controls into CI/CD pipelines: SAST, DAST, SCA, secrets scanning, and container/image scanning as first-class pipeline gates. Design and operate DevSecOps automation across cloud environments (AWS, Azure, GCP): policy-as-code, infrastructure-as-code scanning, and automated security guardrails. Develop custom scripts and tooling using Python, Go, or PowerShell to automate testing, validation, and pipeline integration. Partner with engineering teams on threat modeling, security code review, and secure-by-default architecture. Build the feedback loop from security findings back into preventive controls so the same class of bug doesn't ship twice. Deliver clear, actionable reports and provide remediation guidance to engineering and product teams. Manage the full lifecycle of penetration testing engagements from scoping to execution and delivery. Research emerging AI/ML exploits, cloud-native attack techniques, and supply chain risks to stay ahead of threats. Enhance testing methodologies and contribute to the internal knowledge base.
Requirements 4+ years of combined experience in penetration testing and DevSecOps, with meaningful depth in both - not just one. Hands-on pentest experience across web apps, APIs, mobile, and cloud environments. You can find and exploit, not just scan and report.
Proven track record integrating security tooling (SAST, DAST, SCA, secrets, container/image scanning) into CI/CD pipelines in production environments. Understanding of AI/ML security, LLM vulnerabilities, and prompt engineering attacks. Strong knowledge of OWASP Top 10, OWASP API Top 10, and OWASP LLM Top 10. Programming/scripting in at least one language: Python, Bash, PowerShell, Go, JavaScript. Ability to read and understand source code, trace execution flows, and dynamically exploit vulnerabilities during live assessments. Understanding of secure coding practices and common code-level vulnerabilities. Strong experience with cloud security (AWS, Azure, GCP) and containers (Docker, Kubernetes). Familiarity with infrastructure-as-code (Terraform, CloudFormation) and policy-as-code frameworks. Knowledge of attack vectors, exploits, vulnerability exploitation, and chained attacks. Strong written and verbal communication skills with ability to explain findings to technical and non-technical audiences.
Preferred Strong academic background (Master's degree) in IT, Computer Science, or related fields. Certifications: OSCP, OSWE, OSEP, GXPN, GPEN, GWAPT, CRTP, eJPT, CREST, CISSP, or equivalent. Published CVEs demonstrating research capability. Bug bounty or Capture The Flag (CTF) experience. AI/ML security research experience. Advanced exploitation experience and custom tooling development. Threat modeling and secure DevOps knowledge at enterprise scale. Experience with AI-assisted security tooling (LLM pipelines, RAG, agentic workflows) for vulnerability discovery or triage. Open-source contributions or technical writing on offensive security, DevSecOps, or AI security.
About Adobe
Adobe empowers everyone to create through innovative platforms and tools that unleash creativity, productivity and personalized customer experiences. Adobe’s industry-leading offerings including Adobe Acrobat Studio, Adobe Express, Adobe Firefly, Creative Cloud, Adobe Experience Platform, Adobe Experience Manager, and GenStudio enable people and businesses to turn ideas into impact, powered by AI and driven by human ingenuity.
Our 30,000+ employees worldwide are creating the future and raising the bar as we drive the next decade of growth. We’re on a mission to hire the very best and believe in creating a company culture where all employees are empowered to make an impact. At Adobe, we believe that great ideas can come from anywhere in the organization. The next big idea could be yours.
** Let’s Adobe together**
At Adobe, we believe in creating a company culture where all employees are empowered to make an impact. Learn more about Adobe life, including our values and culture, focus on people, purpose and community, Adobe for All, comprehensive benefits programs, the stories we tell, the customers we serve, and how you can help us advance our mission of empowering everyone to create.
Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other protected characteristic. Learn more.
Adobe aims to make our Careers website and recruiting process accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call +1 408-536-3015.
AI Use Guidelines for Interviews: Our interviews are designed to reflect your own skills and thinking. The use of AI or recording tools during live interviews is not permitted unless explicitly invited by the interviewer or approved in advance as part of a reasonable accommodation. If these tools are used inappropriately or in a way that misrepresents your work, your application may not move forward in the process.
At Adobe, we empower employees to innovate with AI — and we look for candidates eager to do the same. As part of the hiring experience, we provide clear guidance on where AI is encouraged during the process and where it’s restricted during live interviews. See how we think about AI in the hiring experience.