ZipRecruiter
Principal Product Security Engineer - Office of the CISO
ZipRecruiter, Palo Alto, California, United States, 94306
Overview
Job Description: Obsidian Security was founded to secure SaaS applications like Microsoft 365, Salesforce, and more. We are building a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. We are backed by investors including Greylock, Norwest Venture Partners, and IVP, and work with customers worldwide. We are scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security! Position Overview:
We are looking for a Principal Product Security Engineer to join our team and lead our product security to the next level. The ideal candidate is a senior, highly technical, team-oriented professional with a proven track record of excellence in technical product security engineering, leadership and execution. This role will be instrumental in shaping how security is integrated throughout the Obsidian SaaS product, hosting environments, and related services. The ideal candidate must be mission- and values-driven, possess an ownership mentality, and prioritize the well-being of customers, teammates, and the organization. This role thrives in a dynamic, high-growth startup environment within an established Cybersecurity, GRC, and IT program. This is a critical, high-impact role that serves as a catalyst for growth for seasoned cybersecurity professionals. The Principal Product Security Engineer reports to the Chief Information Security Officer and will be responsible for developing, implementing, optimizing, scaling, automating, and operating the Obsidian product security program. The role works closely with Engineering, Product, DevOps, GRC, and IT to support the company\'s product security needs. Candidates should be highly technical team leaders with secure software engineering, automation, and application and infrastructure security experience, capable of implementing and operating application security, infrastructure protection, threat detection, and incident response capabilities and best practices across an organization with a cybersecurity mission and modern tech stack. This is a multi-faceted role in a fast-moving startup and requires ownership, sound judgment, personal responsibility, and initiative. Your Responsibilities Will Include Security Architecture and Technical Leadership
Provide technical leadership and guidance for the Security Team, mentor more junior security engineers. Mentor engineers on secure design and coding practices, and influence cross-functional teams through technical thought leadership. Ensure that the Product Security Program is properly defined and documented to include technical runbooks, standards, procedures, and continuity documentation. Lead and drive scalable security design reviews for existing and new features and services. Define and maintain secure and private-by-design development patterns, and architectural and operational best practices. Lead security architecture reviews, threat modeling sessions, and secure coding workshops. Help scale security knowledge across the organization through training and documentation. Support escalations in customer and prospect security reviews and due diligence.
Secure SDLC & Code Review and Testing
Mature and integrate scalable security into the SDLC. Provide deep technical reviews for high-risk areas in backend and frontend codebases and services. Ensure security testing is properly configured and deployed in code projects and CI/CD pipelines. Ensure that testing and review outputs are properly documented, prioritized, and worked through completion. Automate fuzzing, SAST/DAST, SBOM, and third-party dependency scanning. Facilitate and evolve scalable threat modeling processes across SDLC. Anticipate and address new attack surfaces as the product evolves.
Cloud Security & Infrastructure Hardening
Partner with DevSecOps, DevOps, SRE, and Platform Engineering to improve the security of cloud environments, Kubernetes, data pipelines, CI/CD pipelines, and related resources. Drive zero-trust principles in service-to-service communication and access controls. Drive security maturity in critical Obsidian product resources such as secrets management systems, databases, and data pipelines. Mature Infrastructure as Code (IaC) and related security tooling and practices. Ensure that security tooling is properly configured and implemented to the maximum potential. Monitor security tooling for security events. Ensure that the most important security metrics are collected and properly made visible via dashboards and reporting.
Incident Response & Threat and Vulnerability Management
Act as a key technical lead in security incident response and after-action reviews. Prioritize, assess, and drive remediation of product and infrastructure vulnerabilities. Create automation workflows for security incident detection and response across environments. Support product penetration testing and corporate red teaming exercises.
What We're Looking For A person who is excited about working at an industry-leading cybersecurity startup company with enterprise security needs. At least 10 years of Product Security experience in a cloud- environment, with a preference towards experience in the cybersecurity industry Proficient in software engineering with emphasis on Python programming Proficient in Terraform Infrastructure-as-Code Proficient in securing Kubernetes Proficient in securing AWS and GCP environments Proficient in securing the GitLab platform Proficient in security automation Proficient in security metrics collection and reporting Excellent understanding of multiple security domains such as application security, protection, detection, response, vulnerability management, or threat intelligence Be obsessive about security while doing everything possible to support the overall mission. Experience with modern IT systems such as Google Workspace, Microsoft 365, Slack, Notion, Jira, GitLab Experience working with multiple internal and external stakeholders during incident lifecycles Experience communicating across a company to encourage and educate on best practices, standards, and policies What We Can Do For You Be part of a team-first, low-ego, mission-focused culture. Provide opportunities for professional development. Provide opportunities to make high-impact contributions to security. Influence the Obsidian product development. Annual conference attendance budget Competitive salary, equity, and health benefits Opportunity to publish research, share non-proprietary code, and present at conferences Reserve your seat on our rocket ship! We are funded by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, Norwest Venture Partners, and are growing fast. This role is a game-changer and is about securing our company and product as we provide cutting-edge capabilities to help organizations increase their security. Employee Benefits Our competitive benefits packages are designed to support our employees\' well-being, both at work and at home. Our US based employees enjoy: Competitive compensation with equity and 401k Comprehensive healthcare with dental and vision coverage Flexible paid time off and paid holiday time off 12 weeks of new parent or family leave Personal and professional development resources For more details on our US benefits, or for information on our international benefits, please see here. Pay Transparency Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for sales commission or incentive compensation based on the role or function within the company. At Obsidian, we are proud to be an equal-opportunity employer. We value and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of and legal authorization. If you have a need that requires accommodation, please contact accommodations@obsidiansecurity.com Information collected and processed as part of any job applications you choose to submit is subject to Obsidian\'s Applicant Privacy Policy. Base Salary Range$219,000—$280,000 USD
#J-18808-Ljbffr
Job Description: Obsidian Security was founded to secure SaaS applications like Microsoft 365, Salesforce, and more. We are building a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. We are backed by investors including Greylock, Norwest Venture Partners, and IVP, and work with customers worldwide. We are scaling quickly toward long-term growth and IPO readiness. Join us as we define the future of SaaS security! Position Overview:
We are looking for a Principal Product Security Engineer to join our team and lead our product security to the next level. The ideal candidate is a senior, highly technical, team-oriented professional with a proven track record of excellence in technical product security engineering, leadership and execution. This role will be instrumental in shaping how security is integrated throughout the Obsidian SaaS product, hosting environments, and related services. The ideal candidate must be mission- and values-driven, possess an ownership mentality, and prioritize the well-being of customers, teammates, and the organization. This role thrives in a dynamic, high-growth startup environment within an established Cybersecurity, GRC, and IT program. This is a critical, high-impact role that serves as a catalyst for growth for seasoned cybersecurity professionals. The Principal Product Security Engineer reports to the Chief Information Security Officer and will be responsible for developing, implementing, optimizing, scaling, automating, and operating the Obsidian product security program. The role works closely with Engineering, Product, DevOps, GRC, and IT to support the company\'s product security needs. Candidates should be highly technical team leaders with secure software engineering, automation, and application and infrastructure security experience, capable of implementing and operating application security, infrastructure protection, threat detection, and incident response capabilities and best practices across an organization with a cybersecurity mission and modern tech stack. This is a multi-faceted role in a fast-moving startup and requires ownership, sound judgment, personal responsibility, and initiative. Your Responsibilities Will Include Security Architecture and Technical Leadership
Provide technical leadership and guidance for the Security Team, mentor more junior security engineers. Mentor engineers on secure design and coding practices, and influence cross-functional teams through technical thought leadership. Ensure that the Product Security Program is properly defined and documented to include technical runbooks, standards, procedures, and continuity documentation. Lead and drive scalable security design reviews for existing and new features and services. Define and maintain secure and private-by-design development patterns, and architectural and operational best practices. Lead security architecture reviews, threat modeling sessions, and secure coding workshops. Help scale security knowledge across the organization through training and documentation. Support escalations in customer and prospect security reviews and due diligence.
Secure SDLC & Code Review and Testing
Mature and integrate scalable security into the SDLC. Provide deep technical reviews for high-risk areas in backend and frontend codebases and services. Ensure security testing is properly configured and deployed in code projects and CI/CD pipelines. Ensure that testing and review outputs are properly documented, prioritized, and worked through completion. Automate fuzzing, SAST/DAST, SBOM, and third-party dependency scanning. Facilitate and evolve scalable threat modeling processes across SDLC. Anticipate and address new attack surfaces as the product evolves.
Cloud Security & Infrastructure Hardening
Partner with DevSecOps, DevOps, SRE, and Platform Engineering to improve the security of cloud environments, Kubernetes, data pipelines, CI/CD pipelines, and related resources. Drive zero-trust principles in service-to-service communication and access controls. Drive security maturity in critical Obsidian product resources such as secrets management systems, databases, and data pipelines. Mature Infrastructure as Code (IaC) and related security tooling and practices. Ensure that security tooling is properly configured and implemented to the maximum potential. Monitor security tooling for security events. Ensure that the most important security metrics are collected and properly made visible via dashboards and reporting.
Incident Response & Threat and Vulnerability Management
Act as a key technical lead in security incident response and after-action reviews. Prioritize, assess, and drive remediation of product and infrastructure vulnerabilities. Create automation workflows for security incident detection and response across environments. Support product penetration testing and corporate red teaming exercises.
What We're Looking For A person who is excited about working at an industry-leading cybersecurity startup company with enterprise security needs. At least 10 years of Product Security experience in a cloud- environment, with a preference towards experience in the cybersecurity industry Proficient in software engineering with emphasis on Python programming Proficient in Terraform Infrastructure-as-Code Proficient in securing Kubernetes Proficient in securing AWS and GCP environments Proficient in securing the GitLab platform Proficient in security automation Proficient in security metrics collection and reporting Excellent understanding of multiple security domains such as application security, protection, detection, response, vulnerability management, or threat intelligence Be obsessive about security while doing everything possible to support the overall mission. Experience with modern IT systems such as Google Workspace, Microsoft 365, Slack, Notion, Jira, GitLab Experience working with multiple internal and external stakeholders during incident lifecycles Experience communicating across a company to encourage and educate on best practices, standards, and policies What We Can Do For You Be part of a team-first, low-ego, mission-focused culture. Provide opportunities for professional development. Provide opportunities to make high-impact contributions to security. Influence the Obsidian product development. Annual conference attendance budget Competitive salary, equity, and health benefits Opportunity to publish research, share non-proprietary code, and present at conferences Reserve your seat on our rocket ship! We are funded by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, Norwest Venture Partners, and are growing fast. This role is a game-changer and is about securing our company and product as we provide cutting-edge capabilities to help organizations increase their security. Employee Benefits Our competitive benefits packages are designed to support our employees\' well-being, both at work and at home. Our US based employees enjoy: Competitive compensation with equity and 401k Comprehensive healthcare with dental and vision coverage Flexible paid time off and paid holiday time off 12 weeks of new parent or family leave Personal and professional development resources For more details on our US benefits, or for information on our international benefits, please see here. Pay Transparency Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for sales commission or incentive compensation based on the role or function within the company. At Obsidian, we are proud to be an equal-opportunity employer. We value and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of and legal authorization. If you have a need that requires accommodation, please contact accommodations@obsidiansecurity.com Information collected and processed as part of any job applications you choose to submit is subject to Obsidian\'s Applicant Privacy Policy. Base Salary Range$219,000—$280,000 USD
#J-18808-Ljbffr