Redis
Senior Product Security Engineer
About Redis
Redis is a private software company based in Mountain View, California, founded in 2011. Originally known as Garantia Data and later Redis Labs, the company is the official sponsor and commercial provider of the open-source Redis database. This in-memory NoSQL data structure store is recognized for its speed and versatility, making it a popular choice for real-time applications across various industries. The company offers several key products, including the open-source Redis database, Redis Enterprise, and Redis Modules. Redis Enterprise provides enhanced features such as high availability and scalability, available both on-premises and as a cloud service. Redis Modules extend the database's functionality for specialized use cases like graph databases and time-series data. Additionally, Redis offers managed cloud services to help customers deploy and manage their databases efficiently. With over 7,900 paying customers, Redis serves a diverse range of industries, including technology, finance, retail, and telecommunications. The company has played a significant role in the evolution of the Redis project and continues to advance its technology as a core infrastructure for real-time data processing.
Security at Redis
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Redis's AppSec philosophy involves multiple forms of security testing, including "penetration tests, red team tests, code reviews, and vulnerability scanning." They maintain a "vulnerability disclosure program on HackerOne" and advise customers to "Only allow trusted identities to run Lua scripts or any other potentially risky commands." The company emphasizes partnership and cross-team collaboration, with job postings stating, "Partner with security leadership to define and maintain team priorities" and responsibilities to "strengthen collaboration between Security, R&D, and CloudOps." Their risk philosophy includes "Cloud Security Monitoring and Response" and a focus on audits and appropriate safeguards.
- Stated goals and pain points from job postings include "Vulnerability & Bug Bounty Management: Support vulnerability triage, remediation tracking, and coordination" and the need to "Develop and maintain dashboards or reports that track program health, remediation SLAs, and security maturity."
Security Team
Riaz Lakhani is identified as Redis's CISO, and other company leadership such as Rowan Trollope are publicly listed. Public job postings, such as one for an Information Security Program Manager, describe roles that partner with Product Security and CloudOps, suggesting a cross-functional security organization. However, information on the explicit AppSec team organizational chart, team size, or whether the model is embedded versus centralized is not publicly available. A LinkedIn search for `site:linkedin.com "Redis" "application security" OR "AppSec"` did not yield authoritative headcount or a discrete AppSec team listing. As of, at least one security-focused job posting was found (Information Security Program Manager), but discrete AppSec-engineer postings were not found within the prioritized date range. Common skills in postings emphasize "Experience with bug bounty or responsible disclosure programs," vulnerability triage, remediation tracking, and cross-team program management.
Key Initiatives
Redis's AppSec initiatives include publicly listed security testing types such as "penetration tests, red team tests, code reviews, and vulnerability scanning." They operate a "vulnerability disclosure program on HackerOne." Security advisories, such as "Security Advisory: CVE-2025-49844," are published on the Redis blog and authored by the CISO. Job postings indicate direct responsibility for "vulnerability triage, remediation tracking, and coordination of bug bounty and disclosure reports." However, information on a Security Champions Program, specific 'Shift Left' practices (IDE/pre-commit/CI specifics), or Secure SDLC artifacts (threat modeling, mandatory reviews) is not publicly available. The vulnerability management process has partial evidence, documenting testing types and a HackerOne process, but explicit SLAs, MTTR targets, or ticketing workflow details are not publicly available. Recent initiatives within the last 6 months include security advisories and legal/trust documentation, but specific new AppSec tool rollouts, program launches, or policy changes were not found.