Job Drop Berlin: Your Way into Berlin Tech

Principal Engineer, Product Security

commercetools

Seniority: Senior
Model: Hybrid
Sector: B2B SaaS
Salary: Undisclosed
Contract: Full-Time

About the role

This is a Principal Engineer Product Security position supporting the Engineering team by solving complex technical security challenges and enabling teams to build secure services on multi-cloud infrastructure. You'll drive security strategy adoption and help teams "shift left" in their security approach.

What you'll do

  • Formulate, evangelise, and drive adoption of the product security strategy
  • Assess, advise on, and increase the security maturity posture
  • Create standardised security architecture and operational best practices
  • Help track and drive remediation of security and technology risks
  • Educate product teams on risk assessments, threat modelling, and building secure API-first applications
  • Review requirements and designs to help product teams address security shortcomings
  • Embed security tooling into the development process
  • Contribute to external penetration test reviews and help prioritise fixes
  • Collaborate with product teams to improve overall security and resolve specific issues
  • Facilitate customer conversations regarding product security
  • Triage and investigate new attack vectors to determine risk mitigation
  • Drive security initiatives across the organization and support certification audits

What you'll need

  • Strong technical background with 5+ years of proven hands-on Product Security experience
  • 2+ years of experience improving Product Security in a leadership role
  • Experience with customer-facing security roles and influencing roadmaps in matrix organizations
  • Experience in scale-up environments with ambitious and competing priorities
  • Expertise in Secure Architecture design reviews and Threat Modeling
  • Experience infusing security into various levels of the SDLC
  • Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security
  • Practical experience in DevSecOps and proficiency in JavaScript or Go
  • Project management experience for projects affecting multiple teams
  • Clear written and verbal communication in fluent English

Nice to have

  • Security certifications such as CISSP, CCSP, Certified Kubernetes Security Specialist, or cloud security certifications
  • Eagerness to constantly improve and learn about leadership and new technologies
  • Genuine curiosity for using AI tools to work more effectively

What they offer

  • Comprehensive health benefits for you and dependents, including mental health support
  • Annual learning budget and access to self-paced learning platforms
  • Family Leave Plus with additional fully paid parental leave weeks
  • Equity participation program
  • Hybrid work model with 3 days per week in Berlin, London or Valencia office