SoundCloud Limited

Principal Product Security Engineer

Job

  • Level
    Senior
  • Job Field
    IT, Application, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Berlin
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you will identify security vulnerabilities in products and services, conduct threat modeling, design secure architecture, and optimize processes for automating security in our software development lifecycle.

    Your role in the team

    • As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services.
    • You will advocate and shape security best practices across SoundCloud's Engineering, Product, and Design ("EPD") organization.
    • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them.
    • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC).
    • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines.
    • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails.
    • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities.
    • Define, implement, and oversee processes and policies in our Vulnerability Management Program.
    • Triage and drive to remediation submissions from our external bug bounty program.
    • Participate in our security incident response process.
    • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform.
    • Promote security best practices through educational initiatives such as CTFs and technical talks.
    • Improve internal tooling, processes, and documentation.
    • Help to define the Product Security program and team strategy.
    • Mentor and onboard team members.

    Our expectations of you

    Qualifications

    • Deep expertise in designing secure architecture.
    • Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products.
    • Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala.
    • Familiarity with IaC tools such as Terraform and CloudFormation.
    • Ability to effectively communicate risk to technical and non-technical audiences.
    • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus.

    Experience

    • 8+ years of product or application security experience, or other relevant software engineering experience.
    • Experience conducting threat modeling exercises and secure code reviews.
    • Experience configuring DevSecOps tools (e.g., SAST, SCA, Secret Scanning).
    • Experience managing bug bounty programs.
    • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira).
    • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities.
    • Experience with vulnerability management is a plus.
    • Experience with threat modelling and securing Generative AI applications & use cases in the context of the EU AI Act is a plus.
    • Experience with data governance is a plus.

    What we offer

    • We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home.
    • We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone's voice, perspective and experience is respected and heard.
    • We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities.

    Benefits

    Work-Life-Integration

    Food & Drink

    Health, Fitness & Fun

    Job Locations

    • Location Berlin

      Germany

    This is your employer

    SoundCloud Limited

    SoundCloud is the world's leading social audio platform, where users can discover unique content anytime, anywhere. More and more users are choosing SoundCloud to find new music and share their own creative content. With all the different features the platform offers, it's easy to get lost in the world of music.

    Description

  • Language
    English
  • Company Type
    Established Company
  • Working Model
    Hybrid, Onsite
  • Industry
    Media, Publishing, Internet, IT, Telecommunication
  • Dev Reviews

    by devworkplaces.com

    Total

    (1 Review)
    3.6
    • Culture

      3.5
    • Career Growth

      4.0
    • Working conditions

      3.5
    • Engineering

      3.5
    Diversity
    Open for all genders
    English Only
    English only required
