CrawlJobs Logo

Product Security Engineer

clickhouse.com Logo

ClickHouse

Location Icon

Location:
Canada

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

About the team: The Security Team is responsible for providing key security capabilities covering application, cloud and enterprise security, incident response, detection and GRC. Our team is looking for an experienced, hands-on security practitioner, who will drive the adoption of modern security processes and tooling, with focus on supporting our engineering and product teams in improving the security posture of our platforms and services.

Job Responsibility:

  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering - security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business

Requirements:

  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind

Nice to have:

  • BS, MS, or PhD in Computer Science or related field
  • Previous contributions to open source projects
  • Security or cloud related certifications (AWS, GCP, Azure)
What we offer:
  • Flexible work environment
  • Healthcare - Employer contributions towards your healthcare
  • Equity in the company - Every new team member who joins our company receives stock options
  • Time off - Flexible time off in the US, generous entitlement in other countries
  • A $500 Home office setup if you’re a remote employee
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites

Additional Information:

Job Posted:
December 07, 2025

Work Type:
Remote work
Icon
View All Jobs In This Company
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Product Security Engineer

New

Senior Product Security Engineer

Join our Product Security team, where you'll partner with development and game t...
Location
Location
United States , Las Vegas
Salary
Salary:
Not provided
take2games.com Logo
Take-Two Interactive Software, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a similar field, or equivalent experience
  • At least 5 years of demonstrated experience in application security, ideally within the gaming or technology sectors
  • Validated expertise in pentesting, security architecture, risk management, and securing CI/CD pipelines
  • Extensive knowledge of common and complex security vulnerabilities, along with effective mitigation techniques
  • Ability to translate design documents into security-focused guidelines and requirements for product development
  • Adapt quickly to new technologies, languages, and solve challenges outside your expertise
Job Responsibility
Job Responsibility
  • Develop threat models for a variety of applications and games to prioritize scope and use cases for security testing
  • Execute hands-on penetration tests and red team exercises to identify vulnerabilities in applications, infrastructure, and services
  • Conduct manual and automated secure code reviews in languages such as C#, Java, Python, and JavaScript, providing clear, actionable guidance to developers on vulnerability remediation
  • Triage, validate, and manage vulnerability reports from our bug bounty program, working with external researchers and internal teams on resolution
  • Develop and implement security automation tools to improve the efficiency and effectiveness of security processes
  • Provide security architecture and design guidance to development teams, ensuring secure coding practices are followed
  • Partner with teams to define and execute security strategy, driving security priorities across the organization
  • Stay ahead of emerging security threats, seeking and advocating for new technologies to address complex risks
What we offer
What we offer
  • Medical (HSA & FSA)
  • dental
  • vision
  • 401(k) with company match
  • employee stock purchase plan
  • commuter benefits
  • in-house wellness program
  • broad learning & development opportunities
  • a charitable giving platform with company match
  • Fitness allowance
  • Fulltime
Read More
Arrow Right
New

Senior Product Security Engineer

Ready to make an impact on the security of products from the ground up? Join our...
Location
Location
United States , Austin
Salary
Salary:
Not provided
take2games.com Logo
Take-Two Interactive Software, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a similar field, or equivalent experience
  • At least 5 years of demonstrated experience in application security, ideally within the gaming or technology sectors
  • Validated expertise in pentesting, security architecture, risk management, and securing CI/CD pipelines to ensure seamless and secure software delivery
  • Extensive knowledge of common and complex security vulnerabilities, along with effective mitigation techniques
  • Ability to translate design documents into security-focused guidelines and requirements for product development
  • Adapt quickly to new technologies, languages, and solve challenges outside your expertise
  • Travel: No routine travel required
  • occasional travel as needed.
Job Responsibility
Job Responsibility
  • Develop threat models for a variety of applications and games to prioritize scope and use cases for security testing
  • Execute hands-on penetration tests and red team exercises to identify vulnerabilities in applications, infrastructure, and services
  • Conduct manual and automated secure code reviews in languages such as C#, Java, Python, and JavaScript, providing clear, actionable guidance to developers on vulnerability remediation
  • Triage, validate, and manage vulnerability reports from our bug bounty program, working with external researchers and internal teams on resolution
  • Develop and implement security automation tools to improve the efficiency and effectiveness of security processes
  • Provide security architecture and design guidance to development teams, ensuring secure coding practices are followed
  • Partner with teams to define and execute security strategy, driving security priorities across the organization
  • Stay ahead of emerging security threats, seeking and advocating for new technologies to address complex risks.
What we offer
What we offer
  • Medical (HSA & FSA), dental, vision, 401(k) with company match, employee stock purchase plan, commuter benefits, in-house wellness program, broad learning & development opportunities, a charitable giving platform with company match
  • Fitness allowance, employee discount programs, discounted games & events and stocked pantries.
  • Fulltime
Read More
Arrow Right
New

Staff Product Security Engineer

As a Staff Product Security Engineer, you will play a crucial role in safeguardi...
Location
Location
France , Paris
Salary
Salary:
Not provided
dashlane.com Logo
Dashlane
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong understanding of application security best practices, including experience with threat modeling and risk assessments
  • Demonstrated experience building or improving an SDLC program
  • Familiarity with CI/CD pipelines and their security implications
  • Familiarity with cloud infrastructure (e.g., AWS, Azure, Kubernetes), and Infrastructure-as-Code (e.g., Terraform)
  • Interest in enabling secure use of AI tools to drive efficiency, creativity, and impact internally
  • Communication & Collaboration: You engage and listen empathetically to others, adjusting your communication style to fit the audience and message. You are experienced in communicating with technical and non-technical audiences
  • Mentoring: You enjoy using your knowledge and experience to support and uplevel those around you
  • Motivated Learner: You learn new technologies and processes quickly, and understand where to look for knowledge when you need it
  • Adaptability: You are a jack or jane of all trades - you’re comfortable digging into non-technical parts of the business to provide security support and guidance
Job Responsibility
Job Responsibility
  • Drive the continuous improvement of Dashlane’s security program across the product and company
  • Conduct architecture design reviews, threat modeling, and technical security assessments of Dashlane’s product (application and infrastructure) to identify security risks and provide mitigation guidance
  • Ensure security best practices are integrated throughout the software development lifecycle (SDLC)
  • Build upon and scale Vulnerability Management to ensure the team can track, analyze, and manage vulnerabilities and their remediation
  • Perform risk assessments of Dashlane’s internal systems, environments, assets, and data, and implement security best practices accordingly
  • Evaluate and implement security tooling and/or build customized tooling in-house where necessary
  • Participate in Compliance and Incident Response
  • Innovate and propose new forward-looking security features that protect Dashlane and our users
What we offer
What we offer
  • Equal Parental leave - regardless of gender, up to 20 weeks fully paid leave to take care of their new baby, within the first year of birth or adoption
  • Health insurance covered by Dashlane
  • Mentorship program - select your mentor from our internal pool and continue your learning path!
  • Commute allowance
  • Meal Vouchers (Swile)
  • Mental health services through Spring Health for you and family members
  • 4 extra days off (one per quarter) to acknowledge the importance of your wellbeing
  • Spot in daycare
  • Time off saving account
  • Donation matching program - give back to the community and support actions that lead to positive social impact under the historically marginalized communities. Every donation will be matched by Dashlane
  • Fulltime
Read More
Arrow Right
New

Product Security Engineer

The Security Team is responsible for providing key security capabilities coverin...
Location
Location
Netherlands
Salary
Salary:
Not provided
clickhouse.com Logo
ClickHouse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind
Job Responsibility
Job Responsibility
  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering - security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business
What we offer
What we offer
  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries
  • Healthcare - Employer contributions towards your healthcare
  • Equity in the company - Every new team member who joins our company receives stock options
  • Time off - Flexible time off in the US, generous entitlement in other countries
  • A $500 Home office setup if you’re a remote employee
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites
Read More
Arrow Right

Product Security Engineer

Join Airtable as a Product Security Engineer and play a pivotal role in shaping ...
Location
Location
United States , San Francisco; Seattle; New York City; Los Angeles
Salary
Salary:
170000.00 - 277000.00 USD / Year
airtable.com Logo
Airtable
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years experience in product security and application security
  • Experience shipping production code
  • Skilled at conducting in-depth security reviews and collaborating with engineering teams
  • Proficient in writing clean, maintainable code
  • Hands-on experience with AI product security for LLM-powered products
  • Strong communicator and collaborator, able to drive security initiatives
  • Comfortable making systems as well as breaking them
  • Familiar with JavaScript or TypeScript, Node, Linux, and AWS or comparable technologies
  • Comfortable working in a fast-paced environment and contributing to long-term security strategy
Job Responsibility
Job Responsibility
  • Partner with product teams to review product plans, designs, and code for security considerations
  • Lead and implement programs that raise the bar for application and product security
  • Build and ship frameworks that make it easy for product engineers to ship secure code
  • Triage and drive remediation for findings from external penetration testers
  • Research emerging threats and evolving best practices, especially in AI and LLM safety
  • Work with advisors and third party vendors on penetration tests, security reports and compliance projects
  • Contribute to roadmaps, metrics and strategic planning for the product security team
What we offer
What we offer
  • Benefits
  • Restricted stock units
  • Incentive compensation
  • Fulltime
Read More
Arrow Right

Product Security Engineer - Secure SDLC Analyst

HPE Aruba Networking is looking for a person excited to work at the intersection...
Location
Location
United States , San Juan
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS in Information Security, Computer Science, or related technical field
  • A background in software security, either academic or work experience, including reverse engineering, vulnerability classes such as buffer overflows and their prevention, web application security, and/or cloud security
  • Programming knowledge of at least one programming language with the ability to look at source code and figure out what it’s doing
  • Familiarity with the purpose of tools such as IDEs, compilers, source code revision control systems, ASPM, SCA and code scanners
  • Minimum 3 years of experience working directly in software engineering or in an adjacent field with exposure to the software engineering environment
  • Experience conducting risk assessments, threat modeling, and/or compliance assessments
  • Experience supporting the integration of security practices through the software development lifecycle
Job Responsibility
Job Responsibility
  • Assist in the execution of product compliance assessments against various frameworks (e.g. NIST SSDF, NIST SP 800-218, SP 800-53, CIS Benchmarks)
  • Assist in the development and/or maintenance of GRC and SDLC tooling implementations, including scripting and automation
  • Operate as a representative of HPE Aruba in working groups, with government representatives, and with auditors
  • Provide consulting, information, and advice to product teams around implementing and improving the maturity of our SDLC
  • Document known issues and provide information to product teams in a manner which allows for easy interpretation and corrective actions to be performed
  • Monitor worldwide government standards and communicate to management and product teams when changes are made that may impact an existing control or introduce new requirements
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
United States , Remote
Salary
Salary:
101900.00 - 234500.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity, or a related field (or equivalent experience)
  • 7+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF, and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers.
What we offer
What we offer
  • Comprehensive suite of benefits that supports physical, financial, and emotional wellbeing
  • Specific programs catered to helping employees reach career goals
  • Inclusive working environment.
  • Fulltime
Read More
Arrow Right

Product Security Engineer

At Atlassian, we're motivated by a common goal: to unleash the potential of ever...
Location
Location
United States , San Francisco
Salary
Salary:
150700.00 - 206000.00 USD / Year
https://www.atlassian.com Logo
Atlassian
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Cybersecurity or related field
  • 24 months of experience working as Application Security Engineer, Product Security Engineer, or Penetration Tester
  • experience in application security tooling such as BurpSuite Pro, Postman, Docker, Command Line Interface (CLI) tools, Nmap, and Metasploit
  • understanding and coding common programming languages such as Java, Python, or Go
  • penetration testing, vulnerability assessment, composing and generating vulnerability reports
  • administering and managing Jira project
  • data analysis and data visualization tooling such as Tableau and Databricks
  • code versioning tools such as Bitbucket Cloud and GitHub
  • must pass technical interview
Job Responsibility
Job Responsibility
  • Evaluate submissions from security researchers to bug bounty program, assess the impact of each vulnerability, and communicate with the researcher community to help obtain additional details that may be helpful to engineering teams as they work to remediate the issues
  • drive improvement to the policies, processes, and automation to make bug bounty programs effective and ensure to get the most accurate information about each vulnerability to the proper engineering team as quickly as possible
  • work on vulnerability management improvements on processes, policies and standards
  • make sure the company's products and services are safe and secure, the internal vulnerability management workflow is accurate and up to date
  • identify vulnerabilities at scale and help engineering teams systematically remediate them
  • work on securing open-source supply chain
  • interact with some of the world’s leading security researchers through bug bounty program
  • build cutting edge tools to help identify and remediate vulnerabilities at scale
  • work with web application security and a strong ability to work with colleagues to develop and build solutions to help us scale in order to be successful in this role
  • read and write code
What we offer
What we offer
  • health and wellbeing resources
  • paid volunteer days
  • Fulltime
Read More
Arrow Right
Welcome to CrawlJobs.com
Your Global Job Discovery Platform
At CrawlJobs.com, we simplify finding your next career opportunity by bringing job listings directly to you from all corners of the web. Using cutting-edge AI and web-crawling technologies, we gather and curate job offers from various sources across the globe, ensuring you have access to the most up-to-date job listings in one place.
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Australia Jobs Canada Jobs Poland Jobs Ireland Jobs Spain Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
© 2025 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy