SENIOR PRODUCT SECURITY ENGINEER

SoundCloud
Full-time
New York, Atlanta, East Coast
$140,000 - $180,000
Posted 3 months ago

Job Description

SoundCloud is seeking a ProdSec engineer to join their Security team. As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities and implement robust security measures in our products and services. You will advocate and shape security best practices across SoundCloud’s Engineering, Product, and Design (“EPD”) organization. This position offers a unique opportunity to play a direct and pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.

Responsibilities

  • Conduct code reviews and threat modeling exercises
  • Automate the security of our Software Development Lifecycle
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage submissions from our external bug bounty program and drive them to remediation
  • Participate in our security incident response process
  • Make recommendations to product and teams about how to improve the consumer security of our platform
  • Identify security anti-patterns in our codebases and architecture
  • Help guide our Engineering and Product teams around the safe and responsible use of Generative AI
  • Promote and implement security best practices through educational initiatives
  • Improve internal tooling, processes, and documentation
  • Mentor and onboard new team members

Requirements

  • 5+ years of product or application security experience, or other relevant software engineering experience
  • Enthusiasm about collaborating with engineering and product teams
  • Experience conducting threat modeling exercises and secure code reviews
  • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
  • Experience managing bug bounty programs
  • Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala
  • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
  • Familiarity with IaC tools such as Terraform
  • Ability to effectively communicate risk to technical and non-technical audiences
  • Experience with data analysis (SQL)
  • Knowledge of industry-standard security frameworks and regulations is a plus
  • Experience with vulnerability management is a plus
  • Experience threat modeling Generative AI applications and use cases in the context of the EU AI Act is a plus

Benefits

  • No benefits