commercetools

Principal Engineer, Product Security

full-time

Location Type: Hybrid

Location: Berlin, Germany

About the role

  • Formulate, evangelise, and drive adoption of the product security strategy
  • Assess, advise on, and increase the security maturity posture
  • Create a standardised security architecture and operational best practices
  • Help track and drive remediation of security and technology risks
  • Educate product teams on risk assessments, threat modelling, and building secure API-first applications
  • Review requirements and designs to help product teams address shortcomings
  • Embed security tooling into the development process
  • Contribute to the review of external penetration tests and help teams prioritise fixes
  • Collaborate with product teams to improve overall security and resolve specific issues
  • Facilitate or lead customer conversations regarding product security
  • Triage and investigate new attack vectors to determine risk mitigation
  • Drive security and quality initiatives across the organization and support certification audits
  • Collaborate with Product Management, Principal Engineers, and legal/compliance teams
  • Identify skills gaps and facilitate knowledge sharing across the organization

Requirements

  • A strong technical background and 5+ years of proven track record in hands-on Product Security
  • 2+ years of experience improving Product Security in a leadership role
  • Experience with customer-facing security roles and influencing roadmaps in matrix organizations
  • Experience in a scale-up environment with ambitious and competing priorities
  • Expertise in formulating, elaborating, and clarifying requirements or priorities
  • Experience with Secure Architecture design reviews and Threat Modeling
  • Experience infusing security into various levels of the SDLC
  • Experience with Static Analysis and Secure Code Review implementations
  • Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security
  • Practical experience in DevSecOps and proficiency in at least one scripting language like JavaScript or Go
  • Project management experience for projects affecting multiple teams
  • Experience working within an Agile environment with a strong customer focus
  • Experience setting up and running trainings or onboardings
  • Clear written and verbal communication in fluent English

Benefits

  • Comprehensive health benefits for you and your dependents, including access to OpenUp for personalized mental health support
  • Learning and development opportunities including an annual learning budget, access to self-paced learning platforms and language training, personalized coaching, mentorship, and leadership programs
  • Family Leave Plus gives you additional fully paid weeks of parental leave on top of government-provided leave, so you can spend more time with your new addition
  • Our equity participation program allows you to share in our success

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Product Security, Secure Architecture design, Threat Modeling, Static Analysis, Secure Code Review, DevSecOps, scripting language, Linux systems, Kubernetes, Terraform

Soft Skills

leadership, communication, collaboration, problem-solving, knowledge sharing, customer focus, influencing, project management, facilitation, risk assessment