Obsidian Security

Principal Product Security Engineer - Office of the CISO

Obsidian Security, Palo Alto, California, United States, 94306

Position Overview

We’re looking for a Principal Product Security Engineer to join our team and lead our product security to the next level and beyond. The ideal candidate is a senior, highly technical, mission-driven, team-oriented professional with a proven track record in technical product security engineering, leadership, and execution. This role will shape how security is integrated throughout the Obsidian SaaS product, hosting environments, and related services.

The role requires an ownership mentality and the ability to operate in a dynamic, high-growth startup environment within an established Cybersecurity, GRC, and IT program. This is a high-impact role that will serve as a catalyst for growth for a seasoned cybersecurity professional.

The Principal Product Security Engineer reports to the Chief Information Security Officer and will be responsible for developing, implementing, optimizing, scaling, automating, and operating the Obsidian product security program. You will work closely with Engineering, Product, DevOps, GRC, and IT to support the company's product security needs. You should be a highly technical team leader with expertise in secure software engineering, automation, and application/infrastructure security, capable of implementing and operating application security, infrastructure protection, threat detection, and incident response in a modern tech stack.

Your Responsibilities Will Include

Security Architecture and Technical Leadership: provide leadership for the Security Team, mentor junior engineers, define and document the Product Security Program, lead scalable security design reviews, and promote secure-by-design development practices.

Secure SDLC & Code Review and Testing: integrate scalable security into the SDLC, perform deep technical reviews, configure security testing in CI/CD, automate fuzzing, SAST/DAST, SBOM generation, and dependency scanning, and maintain threat modeling processes.

Cloud Security & Infrastructure Hardening: collaborate with DevSecOps/DevOps/SRE/Platform Engineering to secure cloud resources, enforce zero-trust principles, mature IaC security, and monitor security tooling and metrics.

Incident Response & Threat and Vulnerability Management: lead security incident response, prioritize and remediate vulnerabilities, and create automation for incident detection and response.

What We’re Looking For

Excitement about working at an industry-leading cybersecurity startup with enterprise security needs.

At least 10 years of Product Security experience in a cloud-native environment, preferably in the cybersecurity industry.

Proficiency in software engineering with Python as a minimum, Terraform IaC, securing Kubernetes, and securing AWS and GCP environments.

Proficiency in securing the GitLab platform and in security automation, metrics collection, and reporting.

Strong understanding of multiple security domains: application security, protection, detection, response, vulnerability management, or threat intelligence.

Obsessive commitment to security while supporting the overall mission; experience with modern IT systems (Google Workspace, Microsoft 365, Slack, Notion, Jira, GitLab).

Experience working with multiple internal and external stakeholders during incident lifecycles and communicating security best practices across the company.

What We Can Do For You

Be part of a team-first, low-ego, mission-focused culture.

Provide opportunities for professional development and high-impact security work.

Influence the Obsidian product development and participate in conferences and knowledge sharing.

Competitive salary, equity, health benefits, and an annual conference attendance budget.

Base Salary Range: $219,000 USD - $280,000 USD

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

Industries

Computer and Network Security
