
Principal Product Security Engineer

Obsidian Security · Palo Alto, CA
Full-time · On-site · 1mo ago
Application Security, AWS, CI/CD, Cloud Security, Documentation, GCP


Responsibilities

  • Lead and evolve Obsidian's product security program, including standards, runbooks, technical documentation, and operational practices.
  • Provide technical leadership, mentorship, and secure design guidance to security and engineering teams.
  • Drive security architecture reviews, threat modeling, secure coding practices, and scalable security design reviews.
  • Integrate security deeply into the SDLC through code review, SAST/DAST, fuzzing, SBOMs, dependency scanning, and CI/CD security controls.
  • Partner with infrastructure teams to harden AWS, GCP, Kubernetes, GitLab, Terraform, data pipelines, secrets management, and service-to-service access controls.
  • Improve security automation, monitoring, metrics, dashboards, and reporting.
  • Lead technical response for product security incidents, vulnerability remediation, penetration testing, and red team findings.
  • Support customer and prospect security reviews as a senior technical security expert.

Requirements

  • 10+ years of product security and/or engineering experience in cloud-native environments, ideally in cybersecurity, financial services, or another high-security industry.
  • Strong software engineering skills, especially in Python.
  • Hands-on expertise with Terraform, Kubernetes, AWS, GCP, GitLab, security automation, and security metrics.
  • Deep knowledge across application security, cloud security, detection and response, vulnerability management, and secure SDLC practices.
  • Experience partnering with engineering, product, IT, GRC, and external stakeholders during security reviews and incidents.
  • Strong communication skills with the ability to influence, educate, and raise security maturity across the company.
  • A mission-driven, ownership-oriented mindset and the ability to thrive in a dynamic startup environment.

Benefits

  • A team-first, low-ego, mission-focused culture.
  • High-impact work shaping the security of Obsidian's product and platform.
  • Professional development opportunities and annual conference budget.
  • Competitive salary, equity, and health benefits.
  • Opportunities to publish research, share non-proprietary code, and present at conferences.
  • The chance to join a fast-growing company backed by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, and Norwest Venture Partners.

Employee Benefits

Our competitive benefits packages are designed to support our employees' well-being, both at work and at home. Our US-based employees enjoy:

  • Competitive compensation with equity and 401k
  • Comprehensive healthcare with dental and vision coverage
  • Flexible paid time off and paid holiday time off
  • 12 weeks of new parent or family leave
  • Personal and professional development resources

For more details on our US benefits, or for information on our international benefits,

Health insurance, Dental insurance, Vision insurance, 401(k), Flexible schedule, Equity / stock options

Additional Information

Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens, platforms like Microsoft 365, Salesforce, and hundreds more. Backed by top investors including Greylock, Norwest Venture Partners, and IVP, we've built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Our team includes leaders who helped define the categories of endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, we're transforming how SaaS is secured in the era of agentic AI.

Today, Obsidian is trusted by global enterprises like Snowflake, T-Mobile, and Pure Storage. We protect more than 200 organizations across North America, Europe, the Middle East, Southeast Asia, Australia, and New Zealand, including many of the world's largest Fortune 1000 and Global 2000 companies. With strong global momentum, a growing partner ecosystem including SentinelOne, Databricks, and Google Cloud, and a major fundraise on the horizon, we're scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security!

Principal Product Security Engineer

Position Overview

We're looking for a Principal Product Security Engineer to lead and scale Obsidian's product security program across our SaaS product, cloud infrastructure, CI/CD pipelines, and related services. This is a senior, highly technical role for someone who can combine deep security engineering expertise with strong ownership, judgment, and cross-functional leadership. You'll partner closely with Engineering, Product, GRC, IT, DevOps, SRE, and Platform teams to embed security throughout the SDLC, strengthen cloud and infrastructure security, mature threat modeling and secure design practices, and drive automation across detection, response, vulnerability management, and security testing.
This role reports to the Head of Security and is ideal for a seasoned product security leader who thrives in a fast-moving, high-growth cybersecurity startup and wants to make a meaningful impact on the security of our product, customers, and organization.

