Principal Product Security Engineer

2 days ago

Berlin, Germany or London, United KingdomStaff+

Responsibilities

Identify security anti-patterns in codebases and drive initiatives to address them.
Guide teams on the safe use of AI in products and the Software Development Lifecycle.
Automate security processes in the Software Development Lifecycle and CI/CD pipelines.
Secure AWS, GCP, and on-prem infrastructure with proper access controls.
Conduct secure code reviews and threat modeling exercises.
Define and oversee processes in the Vulnerability Management Program.
Triage and remediate submissions from the external bug bounty program.
Participate in the security incident response process.
Make recommendations to improve consumer security on the platform.
Promote security best practices through educational initiatives.
Improve internal tooling, processes, and documentation.
Help define the Product Security program and team strategy.
Mentor and onboard team members.

8+ years of product or application security experience or relevant software engineering experience.
Deep expertise in designing secure architecture.
Enthusiasm for collaborating with engineering and product teams on security issues.
Experience conducting threat modeling exercises and secure code reviews.
Experience configuring DevSecOps tools like SAST and SCA.
Experience managing bug bounty programs.
Familiarity with programming languages such as Javascript, Go, Ruby, Python, or Scala.
Experience with cloud providers like AWS and GCP.
Familiarity with IaC tools such as Terraform and CloudFormation.
Ability to communicate risk to technical and non-technical audiences.
Experience with data analysis (SQL) for vulnerability assessment.
Knowledge of security frameworks and regulations like GDPR and OWASP is a plus.
Experience with vulnerability management is a plus.
Experience with threat modeling for Generative AI applications is a plus.
Experience with data governance is a plus.

AWSGoGoogle Cloud PlatformJavaScriptPythonRubyScalaSQLTerraform