Skip to main content
Back to jobs

Principal Product Security Engineer

External
soundcloud71 logoSoundcloud71 · Berlin, Germany
Full-timeOn-site3w ago
Application SecurityAWSCI/CDCloudFormationData AnalysisDevSecOps
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

We are a multinational company with offices in the US (New York and Los Angeles), Germany (Berlin), and the UK (London) We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone's voice, perspective and experience is respected and heard. We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities

Responsibilities

  • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them
  • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC)
  • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines
  • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails
  • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage and drive to remediation submissions from our external bug bounty program
  • Participate in our security incident response process
  • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform
  • Promote security best practices through educational initiatives such as CTFs and technical talks
  • Improve internal tooling, processes, and documentation
  • Help to define the Product Security program and team strategy
  • Mentor and onboard team members
  • Experience and Background:
  • 8+ years of product or application security experience, or other relevant software engineering experience
  • Deep expertise in designing secure architecture
  • Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products
  • Experience conducting threat modeling exercises and secure code reviews
  • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
  • Experience managing bug bounty programs
  • Familiarity with languages such as Javascript, Go, Ruby, Python, or Scala
  • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
  • Familiarity with IaC tools such as Terraform and CloudFormation
  • Ability to effectively communicate risk to technical and non-technical audiences
  • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities
  • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus
  • Experience with vulnerability management is a plus
  • Experience threat modelling and securing Generative AI applications & use-cases in the context of the EU AI Act is a plus
  • Experience with data governance is a plus

Benefits

Not located in Berlin? No worries, we offer extensive relocation support including allowances, one way flights, temporary accommodation and, by partnering with Expath, on the ground support on arrivalInterested in a gym membership, photography course or book? We have a Creativity and Wellness benefit!Employee Equity PlanGenerous professional development allowanceFlexible vacation and public holiday policy where you can take up to 35 days of PTO annuallyVarious snacks, goodies, and 2 free lunches weekly when at the officeDiversity, Equity and Inclusion at SoundCloudPaid time offFlexible scheduleEquity / stock options

Additional Information

SoundCloud empowers artists and fans to connect and share through music. Founded in 2007, SoundCloud is an artist-first platform empowering artists to build and grow their careers by providing them with the most progressive tools, services, and resources. With over 400+ million tracks from 40 million artists, the future of music is SoundCloud. We are looking for a Principal Product Security Engineer to join our Security team! As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services. You will advocate and shape security best practices across SoundCloud's Engineering, Product, and Design ("EPD") organization. This position offers a unique opportunity to play a direct, pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at soundcloud71? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect