The position is for a Product Security Engineer at ClickHouse, posted by Jobgether, and is available for remote work in Canada.
The role involves collaborating with engineering and product teams to enhance security features in cloud and open-source environments.
Responsibilities include identifying vulnerabilities, implementing secure architecture, and enhancing automation at scale.
The engineer will partner with teams to design and secure new features through threat modeling and secure implementation practices.
The role requires assessing and triaging vulnerabilities from various sources, including bug bounty programs and GitHub issues.
The engineer will lead security assurance initiatives such as penetration testing, vulnerability assessments, and fuzzing activities.
The position involves driving the adoption of security tooling, including static/dynamic code analysis and software composition analysis.
The engineer will promote a strong engineering-security relationship and identify process improvements to reduce risk.
Responsibilities also include responding to security events and incidents, developing scalable tools and processes to mitigate future threats.
The role requires automating and operationalizing security measures to integrate seamlessly into the development lifecycle.
Candidates should have proven experience supporting secure development efforts and a deep understanding of cloud service providers and related security technologies.
A strong background in development and automation, particularly with C++ codebases, is necessary.
Hands-on experience with security tools and processes is required, along with a "Security as code" mindset.
Bonus qualifications include advanced degrees in Computer Science, contributions to open-source projects, or relevant security/cloud certifications.
Requirements:
Candidates must have proven experience supporting secure development efforts through threat modeling, security reviews, and hands-on implementation across distributed systems.
A deep understanding of cloud service providers such as AWS, GCP, and Azure is required, along with knowledge of Kubernetes and related security technologies.
A strong background in development and automation is necessary, with the ability to navigate and contribute to C++ codebases.
Hands-on experience with security tools and processes, including static/dynamic analysis, fuzzing, SBOM, and OWASP SAMM, is essential.
Candidates should possess a "Security as code" mindset, focusing on automation, scalability, and efficiency.
Bonus qualifications include advanced degrees (BS, MS, PhD in Computer Science), contributions to open-source projects, or relevant security/cloud certifications.
Benefits:
The position offers a fully remote work setup across Canada or the U.S., along with $500 for home office equipment.
Employer-contributed healthcare benefits are provided.
New hires will receive equity in the company.
The role includes flexible time off policies and generous leave entitlements.
Opportunities for global in-person meetups and team gatherings are available.
Employees will be part of shaping a diverse, open-minded culture as one of the company’s early employees.
