Software Product Security Engineer

Apply now »

Date: Mar 13, 2026

Location: Monterrey, NLE, MX

Company: Celestica International LP

Req ID: 133574 
Remote Position: No
Region: Americas 
Country: Mexico 
State/Province: Nuevo Leon 
City:  Monterrey 

General Overview

Functional Area:  Information Technology (ITM)
Career Stream:  IT Solutions (SOLN)
Role:  Specialist (SPE)
Job Title: Specialist, IT Solutions 
Job Code:  SPE-ITM-SOLN
Job Level:  Band 8
Direct/Indirect Indicator:  Indirect

Summary

A Software Product Security role (often called Product Security Engineer or ProdSec) is the bridge between traditional cybersecurity and software engineering. Unlike IT security, which focuses on protecting the company's internal network, Product Security focuses on ensuring the software the company sells or provides is resilient against attacks.

Detailed Description

The Product Security Engineer works directly with DevOps and Engineering teams to bake security into the Software Development Life Cycle (SDLC). The goal is to move security "left"—finding and fixing vulnerabilities during the design and coding phases rather than after the product has launched.

Knowledge/Skills/Competencies

    • Secure Design & Threat Modeling: Reviewing new features before a single line of code is written. You’ll identify potential attack vectors and suggest mitigations.

    • Vulnerability Management: Triaging bugs found via automated scanners, internal audits, or Bug Bounty programs.

    • Security Tooling: Implementing and managing tools like SAST (Static Analysis), DAST (Dynamic Analysis), and SCA (Software Composition Analysis) to catch insecure dependencies.

    • Code Reviews: Performing manual "deep dives" into critical codebases to spot logic flaws that automated tools might miss.

    • Incident Response: Acting as a subject matter expert when a security flaw is exploited in production.

    • Internal Red Teaming: Lead activities to find ways to bypass the logic to alter "Recipe" files or production data.

    Developer Training: Creating "Security Champions" programs to teach engineers how to write defensive code.

Physical Demands

  • Languages

    Proficiency in at least one "product" language (C# (.Net core) , JavaScript, SQL).

    Knowledge

    Deep understanding of the OWASP Top 10 (SQLi, XSS, CSRF) and cloud security (AWS/Azure/GCP).

    Tools

    Experience with Snyk, Checkmarx, Burp Suite, or GitHub Advanced Security.

    Infrastructure

    Familiarity with Docker, Kubernetes, and CI/CD pipelines (Jenkins, GitLab CI).

 

 

Typical Experience

  • 4 to 6 years; Experience in similar roles

Typical Education

  • Bachelor Degree or consideration of an equivalent combination of education and experience.

  • Educational Requirements may vary by Geography

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.

 

COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

 

Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
 


Job Segment: Cloud, .NET, Software Engineer, Aerospace Engineering, Manufacturing Engineer, Technology, Engineering

Apply now »