
Product Security Engineer
Posted 1 day ago

• Oversee daily security operations to ensure that our platform satisfies the stringent requirements of both our on-premises and hosted clientele.
• Act as part of our Engineering Product Security team, addressing customer security inquiries.
• Create automation scripts in Python to enhance security workflows.
• Design and implement custom automation to manage security processes and execute "Secure-by-Design" principles within the CI/CD pipeline using Python.
• Identify, design, and establish controls to protect our containerized production environments.
• Deploy and oversee product security testing tools for SAST, DAST, and SCA assessments (e.g., Semgrep, Trivy, Burp Suite).
• Evaluate technical designs for new features, lead threat modeling sessions to prioritize risks, and guide developer teams on secure coding methodologies.
• Conduct and automate comprehensive vulnerability, threat, and exploitability assessments to provide actionable fixes and mitigations for DataRobot products.
• Perform initial technical investigations for customer reports and security incidents, collaborating with Engineering and IT Security to verify and monitor resolutions.
• Collaborate directly with Sales & Support teams to address issues related to security exposure and architecture.
• 3 to 5 years of experience in Product Security or Application Security positions.
• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related discipline (or equivalent experience).
• Proficient in writing Python code for security automation initiatives.
• Must possess a thorough understanding of Linux containers (including internals and security isolation).
• Experience in Git-based collaboration and automating software delivery through CI/CD integration (Jenkins, Harness, or GitHub Actions).
• Familiarity with Kubernetes orchestration is highly desired.
• Practical experience with prevalent security tools such as Semgrep, Trivy, and Burp Suite.
• Strong capability to conduct manual code reviews or AI-assisted reviews in Python, Go, and Node.js, identifying vulnerabilities that automated tools may overlook (e.g., broken access control or insecure business logic).
• Medical, Dental & Vision Insurance
• Flexible Time Off Program
• Paid Holidays
• Paid Parental Leave
• Global Employee Assistance Program (EAP) and more!