Principal Engineer – Product Security

Job role insights

  • Date posted

    September 5, 2024

  • Closing date

    November 4, 2024

  • Offered salary

    €90,000 - €120,000/year

  • Experience

    3 - 5 Years

Description

Job Description:

    Our Guiding Stars are the values at the heart of our organization that drive everything we do. We are committed to creating meaningful change not only in our industry but also in the communities we engage with. If our Guiding Stars resonate with you, we encourage you to consider joining our team.

  • Drive Results: We think big, work smart, and execute fast to transform the future of commerce.
  • Cultivate Belonging: We welcome diverse backgrounds and experiences, driving positive change through inclusion and teamwork.
  • Champion Customers: We go the extra mile for our customers to help them unlock their full potential.
  • Adapt Boldly: We’re curious and innovative, we take risks and grow from our failures.

    We recently crossed the threshold of 100 engineers, and are setting up a tech leadership track to enable us to grow further. By being one of the first Principal Engineers, you’ll shape the role itself and the tech leadership culture together with the Director of Tech Leadership, who you’ll report to.

IT Languages:

  • JavaScript
  • Go

As our Principal Engineer in Product Security, you’ll tackle complex technical challenges related to ambitious products. Our commerce APIs manage sensitive data like customer accounts and orders. The Merchant Center, our back-office tool, features a sophisticated permission model built on top of our APIs. You’ll empower our product teams to 'shift left', enabling them to build secure services on a multi-cloud infrastructure from the outset.

  • Develop standardized security architecture and operational best practices for new services and teams.
  • Train product teams on conducting risk assessments, threat modeling, and designing secure applications, including API-first products.
  • Review application requirements and designs, assisting product teams in addressing any identified gaps.
  • Aid product teams in integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools into their development workflows.
  • Coordinate external penetration tests and support teams in remediating identified vulnerabilities.
  • Collaborate with development teams to resolve security issues and enhance overall security practices.
  • Investigate emerging attack vectors promptly to help teams implement effective security controls.
  • Assist teams during certification audits.
  • Identify learning needs and skill gaps, facilitating security knowledge sharing across the organization.
  • Initiate improvements affecting multiple teams to enhance Product Security while bringing colleagues' ideas to fruition.
  • Lead communication efforts within the organization for long-term initiatives, ensuring successful adoption.
  • Work closely with Product Management, fellow Principal Engineers, the Head of Engineering, and legal and compliance teams.
  • Contribute to the evolution of our tech vision and promote it throughout the organization.

Spoken Languages:

  • English, German, French

Skillset:

  • Product Security
  • Secure Architecture
  • Threat Modeling
  • DevSecOps
  • Agile Methodologies
  • Risk Assessment
  • Static and Dynamic Analysis Tools
  • Scripting Languages

Qualifications:

  • Demonstrated expertise and experience in a practical Product Security role with over five years of hands-on involvement.
  • Proven leadership experience in enhancing Product Security for at least two years.
  • Proficient in conducting Secure Architecture design reviews and Threat Modeling.
  • Ability to integrate Security practices at various stages of the Software Development Life Cycle.
  • Experience with Static Analysis and Secure Code Review implementations to efficiently identify security vulnerabilities early in development.
  • Solid understanding of Linux systems, Kubernetes, Terraform, Vault, API, and web application security.
  • Possession of relevant Security Certifications such as CISSP, CCSP, Certified Kubernetes Security Specialist, or cloud security certifications.
  • Practical experience in DevSecOps, with proficiency in at least one scripting language such as JavaScript or Go.
  • Analytical skills to evaluate security issues alongside organizational challenges.
  • Experience in project management, particularly for initiatives involving multiple teams.
  • Background in Agile methodologies with a strong focus on customer needs.
  • Experience in establishing training and onboarding sessions.
  • Strong written and verbal communication skills.
  • Fluency in English to operate effectively in an international setting.
  • High level of self-assessment and mastery.
  • A passion for knowledge sharing and continuous self-improvement in leadership, new technologies, and concepts.

Years of Experience:

    5

Location:

    Europe

Job Benefits:

  • Competitive salary
  • Flexible working hours
  • Health and wellness programs
  • Professional development opportunities
  • Inclusive company culture
  • Remote work options

Working Conditions:

    Full Time

Employment Type:

    Permanent contract

Company Culture:

  • We value diversity, inclusion, and teamwork. Our culture fosters innovation and encourages employees to take risks and learn from their experiences.

Opportunities For Advancement:

  • There are clear pathways for career advancement within the tech leadership track as the company continues to grow.

Visa Sponsorship:

    Available
