devjobs.de

Principal Engineer Product Security

commercetools GmbH · Berlin, München | München | Deutschland | Berlin · Hybrid, Onsite

Gehalt auf Anfrage

Gefunden am 15.05.2026

Match

84%

Fit in Skills, Kultur und Entwicklungspfad.

Beschreibung

Job Zusammenfassung In dieser Rolle entwickelst du Sicherheitsstrategien und förderst die Implementierung sicherer APIs in Cloud-Umgebungen. Du berätst Teams zu Sicherheitsarchitekturen und führst Schulungen in Bedrohungsmodellierung durch. Job Zusammenfassung In dieser Rolle entwickelst du Sicherheitsstrategien und förderst die Implementierung sicherer APIs in Cloud-Umgebungen. Du berätst Teams zu Sicherheitsarchitekturen und führst Schulungen in Bedrohungsmodellierung durch. Deine Rolle im Team As our Principal Engineer Product Security, you'll support the Engineering team by solving challenging technical problems for an ambitious product and enabling teams to 'shift left' to build secure services on multi-cloud infrastructure. Formulate, evangelise, and drive adoption of the product security strategy. Assess, advise on, and increase the security maturity posture. Create a standardised security architecture and operational best practices. Help track and drive remediation of security and technology risks. Educate product teams on risk assessments, threat modelling, and building secure api-first applications. Review requirements and designs to help product teams address shortcomings. Embed security tooling into the development process. Contribute to the review of external penetration tests and help teams prioritise fixes. Collaborate with product teams to improve overall security and resolve specific issues. Facilitate or lead customer conversations regarding product security. Triage and investigate new attack vectors to determine risk mitigation. Drive security and quality initiatives across the organization and support certification audits. Collaborate with Product Management, Principal Engineers, and legal/compliance teams. Identify skills gaps and facilitate knowledge sharing across the organization. Unsere Erwartungen an dich Qualifikationen You're a creative problem-solver who is wired to find solutions. You confidently dive into complex challenges and have a talent for making them simple for others. Your curiosity drives you to constantly grow and contribute to an environment of trust and teamwork. Expertise in formulating, elaborating, and clarifying requirements or priorities. Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security. Clear written and verbal communication in fluent English. A genuine curiosity for using AI tools to work smarter and more effectively, paired with a drive to learn and put them into practice in your role. Erfahrung A strong technical background and 5+ years of proven track record in hands-on Product Security. 2+ years of experience improving Product Security in a leadership role. Experience with customer-facing security roles and influencing roadmaps in matrix organizations. Experience in a scale-up environment with ambitious and competing priorities. Experience with Secure Architecture design reviews and Threat Modeling. Experience infusing security into various levels of the SDLC. Experience with Static Analysis and Secure Code Review implementations. Practical experience in DevSecOps and proficiency in at least one scripting language like JavaScript or Go. Project management experience for projects affecting multiple teams. Experience working within an Agile environment with a strong customer focus. Experience setting up and running trainings or onboardings. Benefits Work-Life-Integration 🏖️ Workation Themen mit denen du dich im Job beschäftigst Cloud Computing Cyber/Security AI Metadaten Level: Senior Job Feld: IT, Software, Security Anstellung: Vollzeit Vertragsart: Unbefristetes Dienstverhältnis Arbeitsmodell: Hybrid, Onsite Unternehmenstyp: Digitale Agentur Branche: Internet, IT, Telekom Ort: Berlin, München | München | Deutschland | Berlin

Tech Stack

JavaJavascriptKubernetes

Warum passt du zu dieser Stelle?

Fit technisch: Stark auf Backend und API-Architektur.

Gaps: Fehlende Tool-Erfahrung in 1-2 Schlüsselbereichen.

Success-Wahrscheinlichkeit: Hoch bei schneller Einarbeitung.