As a Staff Product Security Engineer you will partner with different stakeholders across the organization to secure our cloud infrastructure, improve our secdevops function, and complete secure design reviews for our products . We work closely with engineers across various domains of the Pinecone infrastructure, driving a culture of empowering engineers to have strong security ownership of their products and services through the development of security resources and tools that help promote a secure by default model. Not only will you partner with engineering teams to identify security risks that can impact our overall security posture, we work alongside them and collaborate to develop security solutions and standards to mitigate these risks to our customers and their data.
As pinecone grows, this role will eventually lead the Product Security Engineering department and function as the backup for the head of security.
Solve our most challenging security problems in cloud, code, and system design.
Discover the top security challenges we face and partner with teams across the company to be hands-on in implementing your security recommendations.
Empathize with the full spectrum of our customers and our engineers by advocating for effective solutions that scale with the needs of our business and our customers.
Build security controls that detect, prevent, and correct cloud, infrastructure, and code vulnerabilities in our complex and challenging environment.
Strong Experience with administration and securing of one or more cloud environments (Google Cloud Platform, AWS, Azure)
Clear understanding of cloud computing services/deployment architecture and infrastructure as code
Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies or development of new products and their features
Ability to communicate ideas and proposals concisely, both verbally and written, to senior staff members
Experience Implementing SecDevOps across Organizations
Container (Kubernetes/Docker) and service mesh (istio, linkerd) experience
Experience with software vulnerabilities, how CVEs are reported, and how they relate to specific system packages and remediations
Fluent in one or more Programming skills
A wealth of experience with information security standards & methodologies
Ability to distill complex security problems and drive toward creative solutions
Strong organizational and relationship skills
Exposure to machine learning applications
Familiarity with SOC2, NIST, and ISO standards
CISSP Certification
Web server/client architecture and implementation experience (OpenAPI/Swagger, gRPC)
Subscribe to Rise newsletter