Product Security Engineer

United States

Applications have closed
Elastic logo


We're the creators of the Elastic (ELK) Stack -- Elasticsearch, Kibana, Beats, and Logstash. Securely and reliably search, analyze, and visualize your data in the cloud or on-prem.

View all employer listings

Elastic is a free and open search company that powers enterprise search, observability, and security solutions built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real-time and at scale. Thousands of organizations worldwide, including Barclays, Cisco, eBay, Fairfax, ING, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe. Learn more at

We are looking for a Product Security Engineer to join our Product Security Team within Elastic InfoSec and Engineering group. The team is responsible for ensuring Elastic Products are developed with security built-in. We enhance customer trust and enable all Elastic engineers to implement security into their development lifecycle.


The InfoSec team owns the strategy, policy, and programs for information security company-wide. Our responsibilities include product security, risk management, implementing a comprehensive security program, recommending and implementing security controls, preventing and detecting security threats. We do all of this in a globally distributed company, thinking differently about how to best achieve critical information security objectives.

What you will be doing: 

  • Working with Engineering teams across Elastic to scale and mature the Elastic Product Security Program
  • Delivering solutions for our strategic application security program
  • Pushing left like a boss

What you bring along:

  • Experience working with software engineering teams to implement application security in an agile delivery model
  • Experience with Cloud services, SaaS, and cloud-native technologies
  • Experience with one or more vulnerability assessment methods such as: 

Dynamic Application Security Testing (DAST), Source Code Review and Static Application Security Testing (SAST),  Open-source and third-party software composition analysis (SCA), container security, manual pentesting

Bonus points: 

  • Implementing security automation in CI/CD and DevSecOps 
  • Public Security Disclosures and Vulnerability Response Management (PSIRT)
  • Offensive security and pen-testing experience
  • Secure Developer Training experience
  • Threat Modeling and Secure Architecture Design
  • Experience with the Elastic stack (Elasticsearch, Kibana, Logstash, Beats)
  • Experience with public security bug bounties

Additional Information - We Take Care of Our People

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Competitive pay based on the work you do here and not your previous salary
  • Health coverage for you and your family in many locations
  • Ability to craft your calendar with flexible locations and schedules for many roles
  • Generous number of vacation days each year
  • Double your charitable giving - We match up to $1500 (or local currency equivalent)
  • Up to 40 hours each year to use toward volunteer projects you love
  • Embracing parenthood with minimum of 16 weeks of parental leave

Different people approach problems differently. We need that. Elastic is committed to diversity as well as inclusion. We are an equal opportunity employer and committed to the principles of affirmative action. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. If you require any reasonable accessibility support, please complete our Candidate Accessibility Request Form

Applicants have rights under Federal Employment Laws, view posters linked below: Family and Medical Leave Act (FMLA) Poster; Equal Employment Opportunity (EEO) Poster; and Employee Polygraph Protection Act (EPPA) Poster.

Please see here for our Privacy Statement.

* Salary range is an estimate based on our salary survey 💰

Tags: Agile Application security Automation CI/CD Cloud DAST DevSecOps Elasticsearch Monitoring Offensive Security Pentesting Polygraph Privacy Product security PSIRT Risk management SaaS SAST Strategy

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Health care Medical leave Parental leave Salary bonus

Region: North America
Country: United States
Job stats:  10  1  0

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.