Senior Product Security Engineer

As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities and implement robust security measures in our products and services. You will advocate and shape security best practices across SoundCloud’s Engineering, Product, and Design (“EPD”) organization. This position has a unique opportunity to play a direct and pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.

Key Responsibilities:

• Conduct code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
• Drive efforts to automate the security of our Software Development Lifecycle
• Define, implement, and oversee processes and policies in our Vulnerability Management Program
• Triage and drive to remediation submissions from our external bug bounty program
• Participate in our security incident response process
• Make recommendations to product and teams about how to improve the consumer security of our platform
• Identify security anti-patterns in our codebases and architecture, and make recommendations to engineering on how to improve them
• Help guide our Engineering and Product teams around the safe and responsible use of Generative AI in our products and SDLCs.
• Promote and implement security best practices through educational initiatives, such as CTFs and technical talks
• Improve internal tooling, processes, and documentation
• Mentor and onboard new team members

Experience and Background:

• 5+ years of product or application security experience, or other relevant software engineering experience
• Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products
• Experience conducting threat modeling exercises and secure code reviews
• Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
• Experience managing bug bounty programs
• Familiarity with languages such as Javascript, Go, Ruby, Python, or Scala
• Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
• Familiarity with IaC tools such as Terraform
• Ability to effectively communicate risk to technical and non-technical audiences
• Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities
• Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus
• Experience with vulnerability management is a plus
• Experience threat modelling Generative AI applications & use-cases in the context of the EU AI Act is a plus

About us:

• We are a multinational company with offices in the US (New York and Los Angeles), Germany (Berlin), and the UK (London)
• We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home
• We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone’s voice, perspective and experience is respected and heard
• We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities

Benefits:

• Comprehensive health benefits including medical, dental, and vision plans, as well as mental health resources
• Robust 401k program
• Employee Equity Plan
• Generous professional development allowance
• Interested in a gym membership, photography course or book? We have a Creativity and Wellness benefit!
• Flexible vacation and public holiday policy where you can take up to 35 days of PTO annually
• 16 paid weeks for all parents (birthing and non-birthing), regardless of gender, to welcome newborns, adopted and foster children
• Various snacks, goodies, and 2 free lunches weekly when at the office

Diversity, Equity and Inclusion at SoundCloud

SoundCloud is for everyone. Diversity and open expression are fundamental to our organization; they help us lead what’s next in music by understanding and empowering our creators and fans, no matter their identity. We acknowledge the challenges in the music industry, and strive to influence an inclusive culture where everyone can contribute respectfully and thrive, especially the historically marginalized communities that many of our creators, fans and SoundClouders identify with. We are dedicated to creating an inclusive environment at SoundCloud for everyone, regardless of gender identity, sexual orientation, race, ethnicity, migration background, national origin, age, disability status, or care-giver status.

At SoundCloud you can find your community or elevate your allyship by joining a Diversity Resource Group. Diversity Resource Groups are employee-organized groups focused on supporting and promoting the interests of a particular underrepresented community in order to build a more inclusive culture at SoundCloud. Anyone can join, whether you share the identity or strive to be an ally.