Obsidian Security

Principal Product Security Engineer

6d

Palo Alto, US · Full-time · $260,000 – $300,000

About this role

Obsidian Security seeks a Principal Product Security Engineer to lead and scale the product security program across its SaaS product, cloud infrastructure, CI/CD pipelines, and related services. This senior technical role combines deep security engineering expertise with ownership, judgment, and cross-functional leadership. It reports to the Head of Security in a fast-moving cybersecurity startup.

Partner closely with Engineering, Product, GRC, IT, DevOps, SRE, and Platform teams to embed security throughout the SDLC. Strengthen cloud and infrastructure security while maturing threat modeling and secure design practices. Drive automation across detection, response, vulnerability management, and security testing.

Lead security architecture reviews, threat modeling, secure coding practices, and scalable security design reviews. Integrate security into the SDLC through code review, SAST/DAST, fuzzing, SBOMs, dependency scanning, and CI/CD controls. Partner with infrastructure teams to harden AWS, GCP, Kubernetes, GitLab, Terraform, data pipelines, and access controls.

Work with a team of leaders from CrowdStrike, Okta, Cylance, and Carbon Black in a company trusted by Snowflake, T-Mobile, and Pure Storage. Enjoy strong global momentum and a growing partner ecosystem with SentinelOne, Databricks, and Google Cloud. Scale quickly toward long-term growth and IPO readiness.

Join Obsidian to transform SaaS security in the era of agentic AI. Protect over 200 organizations across North America, Europe, and beyond, including Fortune 1000 companies. Make a meaningful impact on product, customers, and organizational security.

Requirements

  • 10+ years of product security and/or engineering experience in cloud-native environments, ideally in cybersecurity, financial services, or another high-security industry
  • Strong software engineering skills, especially in Python
  • Hands-on expertise with Terraform, Kubernetes, AWS, GCP, GitLab, security automation, and security metrics
  • Deep knowledge across application security, cloud security, detection and response, vulnerability management, and secure SDLC practices
  • Experience partnering with engineering, product, IT, GRC, and external teams

Responsibilities

  • Lead and evolve the product security program, including standards, runbooks, technical documentation, and operational practices
  • Provide technical leadership, mentorship, and secure design guidance to security and engineering teams
  • Drive security architecture reviews, threat modeling, secure coding practices, and scalable security design reviews
  • Integrate security deeply into the SDLC through code review, SAST/DAST, fuzzing, SBOMs, dependency scanning, and CI/CD security controls
  • Partner with infrastructure teams to harden AWS, GCP, Kubernetes, GitLab, Terraform, data pipelines, secrets management, and service-to-service access controls
  • Improve security automation, monitoring, metrics, dashboards, and reporting
  • Lead technical response for product security incidents, vulnerability remediation, penetration testing, and red team findings
  • Support customer and prospect security reviews as a senior technical security expert