Logo SoundCloud Limited

Principal Product Security Engineer

SoundCloud Limited

Job

  • Level
    Senior
  • Job Feld
    IT, Application, Security
  • Anstellung
    Vollzeit
  • Vertragsart
    Unbefristetes Dienstverhältnis
  • Ort
    Berlin
  • Arbeitsmodell
    Hybrid, Onsite

    • Job Zusammenfassung

    In diesem Job identifizierst du Sicherheitsanfälligkeiten in Produkten und Services, führst Bedrohungsmodellierung durch, erstellst sichere Architektur und optimierst Prozesse zur Automatisierung unserer Softwareentwicklungssicherheit.

    Job Technologien

    Deine Rolle im Team

    • As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services.
    • You will advocate and shape security best practices across SoundCloud's Engineering, Product, and Design ("EPD") organization.
    • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them.
    • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC).
    • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines.
    • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails.
    • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities.
    • Define, implement, and oversee processes and policies in our Vulnerability Management Program.
    • Triage and drive to remediation submissions from our external bug bounty program.
    • Participate in our security incident response process.
    • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform.
    • Promote security best practices through educational initiatives such as CTFs and technical talks.
    • Improve internal tooling, processes, and documentation.
    • Help to define the Product Security program and team strategy.
    • Mentor and onboard team members.

    Unsere Erwartungen an dich

    Qualifikationen

    • Deep expertise in designing secure architecture.
    • Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products.
    • Familiarity with languages such as Javascript, Go, Ruby, Python, or Scala.
    • Familiarity with IaC tools such as Terraform and CloudFormation.
    • Ability to effectively communicate risk to technical and non-technical audiences.
    • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus.

    Erfahrung

    • 8+ years of product or application security experience, or other relevant software engineering experience.
    • Experience conducting threat modeling exercises and secure code reviews.
    • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning).
    • Experience managing bug bounty programs.
    • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira).
    • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities.
    • Experience with vulnerability management is a plus.
    • Experience threat modelling and securing Generative AI applications & use-cases in the context of the EU AI Act is a plus.
    • Experience with data governance is a plus.

    Unser Angebot

    • We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home.
    • We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone's voice, perspective and experience is respected and heard.
    • We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities.

    Benefits

    Work-Life-Integration

    Essen & Trinken

    Gesundheit, Fitness & Fun

    Themen mit denen du dich im Job beschäftigst

    Job Standorte

    • Standort Berlin

      Deutschland

    Das ist dein Arbeitgeber

    SoundCloud Limited

    SoundCloud Limited

    SoundCloud ist die weltweit führende soziale Audio-Plattform, mit der Nutzer jederzeit und überall einzigartigen Content entdecken können.

    Description

  • Sprachen
    Englisch
  • Unternehmenstyp
    Etablierte Firma
  • Arbeitsmodell
    Hybrid, Onsite
  • Branche
    Medien, Verlagswesen, Internet, IT, Telekom

    • Dev Reviews

    by devworkplaces.com

    Gesamt

    (1 Bewertung)
    3.6

    • Culture

      3.5

    • Workingconditions

      3.5

    • Career Growth

      4.0

    • Engineering

      3.5
    Alle Dev Reviews anzeigen
    Logo SoundCloud Limited

    Principal Product Security Engineer

    SoundCloud Limited
    Ort
    Berlin
    Arbeitsmodell
    Hybrid, Onsite
    Diversität
    Für alle Personen geeignet (m/w/d)
    Nur Englisch
    Nur Englisch erforderlich

    Weitere Jobs