Principal Product Security Engineer
$190,000–$220,000 per year
Hybrid · London, England, United Kingdom or New York City, New York, United States
Job Summary
Principal Product Security Engineer who will partner with Engineering, Product, and Design to identify and remediate security vulnerabilities in SoundCloud’s products and services. Responsibilities include identifying security anti-patterns, guiding safe use of agentic AI in the SDLC, automating security across CI/CD, securing AWS/GCP/on-prem infrastructure with proper access controls, conducting secure code reviews and threat modeling, overseeing Vulnerability Management and bug bounty triage, participating in incident response, promoting security best practices through initiatives like CTFs and talks, improving tooling and documentation, defining the Product Security program and strategy, and mentoring team members. Required hands-on experience includes 8+ years in product or application security, secure architecture design, threat modeling and secure code reviews, DevSecOps tooling (SAST, SCA, Secret Scanning), bug-bounty management, proficiency with JavaScript/Go/Ruby/Python/Scala, cloud experience (AWS/GCP), IaC (Terraform/CloudFormation), risk communication, data analysis (SQL), and knowledge of GDPR/CCPA/SOC2/NIS2/OWASP. Desirable familiarity with Generative AI security and the EU AI Act, data governance, and related frameworks. Salary range $190,000–$220,000 annually, with a flexible work culture offering in-person collaboration at offices and work-from-home options; offices in New York, Los Angeles, Berlin, and London.
Required Qualifications
- 8+ years of product or application security experience, or other relevant software engineering experience
- Deep expertise in designing secure architecture
- Experience conducting threat modeling exercises and secure code reviews
- Experience configuring DevSecOps tools (SAST, SCA, Secret Scanning)
- Experience managing bug bounty programs
- Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala
- Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
- Familiarity with IaC tools such as Terraform and CloudFormation
- Ability to effectively communicate risk to technical and non-technical audiences
- Experience with data analysis (SQL) to determine scope and impact of vulnerabilities
- Knowledge of industry-standard security frameworks and regulations (GDPR, CCPA, SOC2, NIS2, OWASP) is a plus
- Experience with vulnerability management is a plus
- Experience threat modelling and securing Generative AI applications and use-cases in the context of the EU AI Act is a plus
- Experience with data governance is a plus