Principal Product Security Engineer
Remote · London, England, United Kingdom or New York City, New York, United States
Job Summary
Principal Product Security Engineer responsible for identifying security anti-patterns across codebases and architectures, guiding secure SDLC and agentic AI usage, automating security in CI/CD, securing cloud and on-prem infrastructure, conducting threat modeling and secure code reviews, managing vulnerability remediation and bug bounty submissions, and promoting security best practices through education and collaboration across SoundCloud’s Engineering, Product, and Design teams. Mentors teammates and shapes the Product Security program and strategy.
Required Qualifications
- 8+ years of product or application security experience or other relevant software engineering experience
- Deep expertise in designing secure architecture
- Experience configuring DevSecOps tools (SAST, SCA, Secret Scanning)
- Experience managing bug bounty programs
- Familiarity with cloud providers (AWS, GCP)
- Experience with IaC tools (Terraform, CloudFormation)
- Knowledge of industry-standard security frameworks and regulations (GDPR, CCPA, SOC2, NIS2, OWASP) is a plus
- Experience with threat modeling and secure code reviews
- Ability to effectively communicate risk to technical and non-technical audiences
- Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala
- Experience with data analysis (SQL) to determine scope and impact of vulnerabilities
- Experience with vulnerability management is a plus
- Experience with securing Generative AI applications & use-cases in the context of the EU AI Act is a plus
- Experience with DevSecOps tooling and security in SDLC (CI/CD)