Job details

Senior Product Security Engineer

About the Role:
CloudZero is seeking our first Product Security Engineer. In this pivotal role, you will shape the security framework of our market-leading cloud cost intelligence platform, addressing some of the most critical challenges cloud-driven businesses face today. You will establish and champion best-in-class security practices, ensuring our platform remains resilient and our customers’ sensitive data is always safeguarded.

Collaborating closely with our engineering teams, you will design and implement secure development processes, identify and address vulnerabilities, and foster a security-first mindset throughout our product lifecycle. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us.

Responsibilities:

  • Drive Security By Design 

    • Drive and influence the inclusion of security in product design and development. 

    • Partner with the software engineering team to champion secure coding practices, ensuring automated code reviews identify and address risks early in development.

    • Develop and integrate security automation into the CI/CD pipeline to enable scalable and consistent security testing across the software development lifecycle.  

  • Training & Enablement

    • Develop application-specific security training for our engineering organization. 

    • Build and drive adoption of security champions programs across the engineering organization. 

  • Vulnerability and Risk Management

    • Implement and enforce vulnerability and risk management policies. 

    • Lead threat modeling exercises to uncover potential risks and ensure mitigation strategies are integrated into the product design. 

Requirements:

  • 3-5+ years of Python experience.

  • Knowledge of AWS, GCP, Azure and Snowflake. 

  • Proven expertise with application security testing tools, such as Burp Suite.

  • Strong understanding of OWASP Top 10.

  • Familiarity with SCA tools (e.g., Snyk, Dependency-Check) to manage open-source security risks.

  • Knowledge and experience securing CI/CD pipelines (GitHub Actions, Jenkins, etc.).

  • Strong understanding of secure coding practices and vulnerability management.

  • Familiarity with threat modeling frameworks and experience applying them to real-world applications.

  • Exceptional communication skills, with the ability to explain technical concepts to developers, executives, and non-technical stakeholders.

  • A proactive mindset with a passion for enabling developers to adopt secure practices without friction.

  • Ability to participate in our incident response team on-call rotation.

About CloudZero
Cloud cost management is one of the biggest challenges organizations face today. As cloud adoption continues to accelerate, so do the complexities and costs associated with it — and macroeconomic conditions only increase pressure to prove cloud efficiency. That’s why we built CloudZero: a SaaS platform at the intersection of next-generation cloud cost management and FinOps. CloudZero ingests billing and usage data from all cloud, SaaS, and PaaS providers, organizes it in real time according to our customers’ business structures, lets customers view it at any level of time or resource granularity, and ultimately empowers them to make more informed business decisions.

Since our founding in 2016, our mission has been to make efficient innovation a reality for every cloud-driven organization. At CloudZero, we believe every engineering decision is a buying decision, yet the cost conversation often bypasses the engineers who drive those determinations. To solve this, we’ve built a dynamic, single-page application that answers the complex, data-heavy questions every cloud-based organization needs to ask if they want to grow their company profitably.

To date, we’ve raised over $52 million from leading venture capital firms across the country. We’re solving problems of massive scale, business importance, and complexity in a space that needs it more than ever. We’re growing rapidly and would love for you to be a part of it!

Equal Opportunity Employer

CloudZero is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status or disability status. All job offers are contingent upon the candidate passing background and reference checks.

**Applicants must be authorized to work for ANY employer in the United States. We are unable to sponsor or take over sponsorship of an employment Visa at this time.**

CloudZero Glassdoor Company Review: 5.0

Average salary estimate

$125000 / YEARLY (est.); min $100000K, max $150000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Senior Product Security Engineer, CloudZero

Are you ready to take your career to the next level? CloudZero is on the lookout for a Senior Product Security Engineer to join our vibrant team in Boston! This is an exciting opportunity where you can literally shape the future of our cloud cost intelligence platform. As our very first Product Security Engineer, you'll have the chance to establish a security framework that safeguards sensitive data for our innovative clients. You'll be right in the thick of things, collaborating with our talented engineering teams to design and implement secure development processes. Your role will not only involve identifying and addressing vulnerabilities but also fostering a security-first mindset that runs through our entire product lifecycle. Imagine doing your part to protect our platform while building scalable solutions that enhance security every day! With responsibilities that range from driving security by design to implementing robust vulnerability management policies, your expertise in Python, familiarity with AWS, and understanding of secure coding practices will be key. If you're passionate about empowering developers while ensuring top-notch security, CloudZero may be your perfect fit. Join us in making cloud efficiency a reality and empowering organizations to make informed business decisions with confidence. Dive into this unique opportunity and become a foundational part of our fast-growing company!

Frequently Asked Questions (FAQs) for Senior Product Security Engineer Role at CloudZero
What are the responsibilities of a Senior Product Security Engineer at CloudZero?

As a Senior Product Security Engineer at CloudZero, you will play a crucial role in establishing best-in-class security practices that protect our cloud cost intelligence platform. Your responsibilities will include driving Security by Design initiatives, collaborating with engineering teams to ensure secure coding practices, integrating security automation across our CI/CD pipeline, and developing training programs to enhance the security knowledge within the organization. Additionally, you will implement vulnerability management policies and lead threat modeling exercises to identify and mitigate potential risks.

What qualifications are needed for the Senior Product Security Engineer position at CloudZero?

To excel as a Senior Product Security Engineer at CloudZero, candidates should have 3-5+ years of experience with Python and a strong understanding of cloud platforms like AWS, GCP, and Azure. Familiarity with application security testing tools such as Burp Suite, a solid knowledge of the OWASP Top 10 vulnerabilities, and experience with CI/CD pipeline security are essential. Effective communication skills are vital, as you will engage with both technical and non-technical stakeholders to promote secure practices across the organization.

What tools do Senior Product Security Engineers use at CloudZero?

Senior Product Security Engineers at CloudZero utilize a variety of tools to ensure robust security within our applications. Key tools include application security testing tools like Burp Suite and Snyk for managing open-source security risks. Additionally, familiarity with CI/CD tools such as GitHub Actions or Jenkins is crucial to integrate security testing seamlessly into our development processes. These tools will help you identify vulnerabilities early and enforce secure coding practices across teams.

What is the work culture like for a Senior Product Security Engineer at CloudZero?

CloudZero prides itself on fostering an inclusive and collaborative work culture. As a Senior Product Security Engineer, you will work alongside passionate professionals dedicated to innovation and security. The environment encourages proactive communication and knowledge sharing, allowing you to cultivate a strong security culture within the engineering team. We believe that creating a security-first mindset benefits both our employees and our clients, making CloudZero a unique place to grow your security career.

What growth opportunities exist for Senior Product Security Engineers at CloudZero?

At CloudZero, we are committed to the professional development of our employees, especially for roles like the Senior Product Security Engineer. You will have the opportunity to lead projects, implement training programs, and collaborate with other departments, enhancing your leadership and technical skills. Furthermore, as our company grows, there are plenty of chances for upward mobility and the potential to shape the security direction of our products on a larger scale.

Common Interview Questions for Senior Product Security Engineer
How do you ensure security is integrated during the product design phase?

When asked how to integrate security into product design, highlight your experience working closely with development teams to drive Security by Design principles. Discuss your approach to collaborating with engineers from the early stages, establishing security requirements, and utilizing threat modeling exercises to identify potential vulnerabilities. Be sure to emphasize proactive communication and the importance of embedding security practices throughout the development lifecycle.

Can you describe your experience with vulnerability assessments?

When discussing your experience with vulnerability assessments, detail the tools and methodologies you've implemented, such as using Burp Suite for testing and Snyk for managing open-source vulnerabilities. Share specific examples of how you have identified vulnerabilities, prioritized remediation efforts, and collaborated with teams to ensure risks were effectively mitigated. This shows your hands-on experience and commitment to maintaining secure applications.

What is your understanding of the OWASP Top 10?

In answering this question, you should demonstrate a solid understanding of the OWASP Top 10 vulnerabilities and their significance. Briefly explain each of the vulnerabilities, such as injection, broken authentication, and sensitive data exposure. Share how this knowledge has influenced your approach to secure coding practices and vulnerability management, allowing you to educate development teams on these critical security issues.

How have you implemented secure coding practices in your past projects?

To answer this question effectively, provide examples of how you've championed secure coding practices, such as creating coding standards, conducting code reviews, and implementing automated security checks within the CI/CD pipeline. Discuss the importance of training and empowering developers to adopt these practices, showcasing your role in fostering a security-conscious culture within the organization.

What strategies do you use to communicate security concepts to non-technical stakeholders?

Demonstrating effective communication skills is key in this role. To answer, describe your strategies for breaking down complex security concepts into relatable terms for non-technical audiences. Mention your experience creating visual aids, writing clear documentation, or presenting security risks in business terms to help stakeholders understand the implications. Emphasize the importance of ensuring everyone is aligned on security objectives.

What experience do you have with cloud security and how it relates to the role?

In your response, emphasize your familiarity with cloud platforms like AWS, GCP, or Azure and discuss cloud security best practices. Talk about how you've implemented security controls, monitored cloud environments, and managed risks associated with cloud services. Highlight any real-world examples where your cloud security expertise directly contributed to securing applications and data, demonstrating your readiness for the role at CloudZero.

Can you explain the CI/CD pipeline and its importance in security?

When discussing the CI/CD pipeline, explain how it accelerates software delivery while ensuring quality and security. Emphasize the role of integrating security tools in this pipeline, such as automated testing and vulnerability scans. Highlight your experience in implementing these processes to enable rapid yet secure deployments, illustrating how this can mitigate risks and enhance overall application security.

How do you prioritize security issues when there are multiple vulnerabilities?

In prioritizing security issues, describe a risk-based approach that considers factors such as the potential impact, exploitability, and business context. Discuss how you would categorize vulnerabilities into high, medium, and low risk, and ensure that critical risks are addressed promptly. Sharing a framework you’ve used in past experiences will provide deeper insight into your systematic approach to vulnerability management.

What is your experience with developing security training programs for engineers?

Discuss your experience in creating and implementing security training programs tailored for developers. Highlight the methods you used to engage engineers and foster a culture of security awareness, such as workshops, hands-on labs, or security champions programs. Emphasize how these initiatives have led to measurable improvements in secure coding practices and risk management within your past organizations.

Why do you want to work as a Senior Product Security Engineer at CloudZero?

When answering, express your enthusiasm for CloudZero's mission and growth potential, as well as your passion for product security. Relate your skills and experience to the company’s objectives, showcasing how you can contribute to securing the platform and empowering customers. Personal touches about your admiration for CloudZero’s innovative approach or commitment to effective cloud cost management can also strengthen your response.

EMPLOYMENT TYPE
Full-time, on-site
DATE POSTED
March 27, 2025
