Senior Application Security Engineer
M&T Bank
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Candidates should possess experience supporting engineering and product implementation efforts through threat assessments, assurance activities, and advisory roles, including implementation work across distributed systems with web, API, and client/server assets. Strong knowledge of and experience with cloud service providers like AWS, GCP, or Azure, as well as Kubernetes and Cilium, are required. Experience implementing and operating engineering security tools and processes such as static/dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, and fuzzing tools is necessary. Significant development and automation experience, with the ability to work with C++ code and a security-as-code mindset focused on automation and scale, is essential. A BS, MS, or PhD in Computer Science or a related field, previous contributions to open-source projects, and security or cloud-related certifications are considered bonus points.
The Product Security Engineer will collaborate with engineering and product teams to enhance existing and develop new product features, focusing on threat modeling, assurance, and secure implementation, including secure key management, passwordless authentication, sandboxing, and isolation. They will identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage reported vulnerabilities from bug bounty programs and responsible disclosure, and improve security assurance activities like pentests, vulnerability assessments, bug bounty programs, and fuzzing. The role involves driving the implementation and usage of engineering security tools for static/dynamic code analysis, dependency checks, and code licensing compliance, nurturing the engineering-security relationship, and handling information security events and incidents. Additionally, they will develop processes, tooling, and automation to scale security processes and mitigate business risks.
High-speed column-oriented database management system
ClickHouse provides a high-speed, column-oriented database management system designed for developers and businesses that manage large-scale data. Its primary product processes analytical queries quickly by storing data from the same columns together, making it significantly faster than traditional row-oriented databases, especially in Online Analytical Processing (OLAP) scenarios. ClickHouse stands out from competitors by offering a free, open-source database that can be deployed on local machines or in the cloud, along with a fully managed service on platforms like AWS, GCP, and Microsoft Azure. The company's goal is to deliver a cost-effective solution that simplifies data management for its clients, as evidenced by user feedback highlighting substantial cost savings.