Job Drop Berlin: Your Way Into Berlin Tech

Principal Product Security Engineer

SoundCloud

Seniority: Senior
Model: Remote
Sector: Consumer
Salary: Undisclosed
Contract: Full-Time

About the role

As a Principal Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services. You will advocate and shape security best practices across SoundCloud's Engineering, Product, and Design organization, playing a direct, pivotal role in safeguarding our products against emerging cyber threats.

What you'll do

  • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them
  • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC)
  • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines
  • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails
  • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage submissions from our external bug bounty program and drive them to remediation
  • Mentor and onboard team members

What you'll need

  • 8+ years of product or application security experience, or other relevant software engineering experience
  • Deep expertise in designing secure architecture
  • Experience conducting threat modeling exercises and secure code reviews
  • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
  • Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala
  • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
  • Ability to effectively communicate risk to technical and non-technical audiences
  • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities

Nice to have

  • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP
  • Experience threat modeling and securing Generative AI applications in the context of the EU AI Act
  • Experience with data governance

What they offer

  • Relocation support including allowances, one-way flights, temporary accommodation, and on-ground support
  • Creativity and Wellness benefit
  • Employee Equity Plan
  • Generous professional development allowance
  • Up to 35 days of PTO annually
  • Free lunches and office snacks