Description:
We are looking for a Principal Product Security Engineer to help secure Elastic products that are loved by developers and recognized for innovation and impact across industries.
The InfoSec Product Security team is accountable for the security of all Elastic software and cloud services. We foster customer trust and empower Elastic to weave security into the fabric of our product development and Elastic Cloud platforms. In a globally distributed company, we think differently about achieving critical security and compliance objectives.
Are you passionate about architecting security at scale and empowering hundreds of engineers to ship innovative products safely and quickly? Can you build deep, collaborative partnerships with engineering leaders and high-caliber peers to lead impactful, company-wide security initiatives? Then we should have a conversation!
What You Will Be Doing:
- Act as a principal advisor and trusted partner to Engineering, providing strategic guidance on secure development practices for Elastic products and services.
- Develop and integrate guidance, frameworks, and tooling that enable engineers to safely embrace the full potential of AI/ML capabilities in secure software development.
- Drive and own cross-functional security initiatives to harden the software supply chain and CI/CD infrastructure to enable developer velocity at scale.
- Lead security reviews and assessments to identify weaknesses and provide effective and pragmatic mitigation and remediation strategies.
- Mentor and guide engineers, security champions, and others to elevate the organizational security posture and foster a proactive culture of security ownership across Elastic.
- Provide leadership and domain expertise in product-related security Incident Response processes.
What You Bring:
- Proven expertise in secure product development practices spanning the entire Software Development Lifecycle.
- A strong track record to lead large, cross-cutting projects and manage end-to-end delivery of security initiatives, demonstrating strategic thought, pragmatic execution, and developer empathy.
- Deep technical expertise, including proficiency in programming and scripting languages, enabling you to engage with application code to assess vulnerabilities.
- A demonstrated ability to communicate clearly and effectively across diverse teams and collaborators, including providing guidance to leadership and collaborating with engineers on complex security challenges.
Bonus Points:
- Experience with any Elastic products (Elasticsearch, Kibana, Elastic Agent, Beats, Elastic Cloud, Logstash, Elastic Security).
- Experience contributing to large open-source projects and engaging with the developer community.
- Experience using, applying, and securing artificial intelligence and machine learning technologies in a software engineering context.