Principal Engineer - Product Security

Amsterdam, Netherlands; Berlin, Germany; London, England, United Kingdom; Munich, Germany; Valencia, Spain

commercetools


Our Guiding Stars are the values at the heart of our organization that drive everything we do. We are committed to creating meaningful change not only in our industry but also in the communities we engage with. If our Guiding Stars resonate with you, we encourage you to consider joining our team.

  • Drive Results: We think big, work smart, and execute fast to transform the future of commerce
  • Cultivate Belonging: We welcome diverse backgrounds and experiences, driving positive change through inclusion and teamwork
  • Champion Customers: We go the extra mile for our customers to help them unlock their full potential
  • Adapt Boldly: We’re curious and innovative, we take risks and grow from our failures

 

The Opportunity:

We recently crossed the threshold of 100 engineers, and are setting up a tech leadership track to enable us to grow further. By being one of the first Principal Engineers, you’ll shape the role itself and the tech leadership culture together with the Director of Tech Leadership, who you’ll report to.

As our Principal Engineer Product Security, you’ll work on challenging technical problems of an ambitious product. Our commerce APIs handle sensitive data like customer accounts and orders. The Merchant Center, our backoffice tool, has a sophisticated permission model built on top of our APIs. You’ll enable our product teams to “shift left” so they can build secure services on top of a multi-cloud infrastructure from the beginning.

 

Your Mission:

  • Create a standardized security architecture and operational best practices, especially for new services and teams
  • Educate our product teams on how to perform risk assessments, model threats and design a secure application (including API-first products)
  • Review requirements and application designs, and help product teams address any shortcomings
  • Help product teams integrate SAST, DAST and SCA tooling into their development process
  • Set up external penetration tests and enable teams to fix discovered vulnerabilities
  • Collaborate with development teams to resolve security issues and improve security in general
  • Investigate new attack vectors in a short period of time, to help teams implement appropriate security controls to mitigate risk
  • Support teams during audits of our certifications
  • (The following are generic Principal Engineer skills - feedback welcome)
  • Identify learning needs/skills gaps, and facilitate related security knowledge sharing across the organization with the help of our internal knowledge management team
  • You will kickstart improvements affecting multiple teams to improve our Product Security, as well as bringing your colleagues’ ideas to life
  • Lead communication within the organization on long running initiatives, and make sure they get adopted successfully
  • Closely collaborate with Product Management, the other Principal Engineers, the Heads of Engineering as well as the legal and compliance teams
  • You contribute to the evolution of our tech vision and promote it within the organization

 

What you need to succeed:

  • A strong technical background and a proven track record in a hands-on Product Security role (5+ years)
  • Experience improving Product Security in a leadership role (2+ years)
  • Experience with Secure Architecture design reviews & Threat Modeling
  • Experience infusing Security at various levels of SDLC
  • Experience with Static Analysis & Secure Code Review Implementations for an efficient detection of security vulnerabilities early in the SDLC
  • Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API and web application security
  • Security Certifications such as CISSP, CCSP, Certified Kubernetes Security Specialist, or GCP/AWS/Azure security certification
  • Practical experience in DevSecOps, including proficiency in at least one scripting language (JavaScript, Go, ...)
  • Ability to analyze security issues and related organizational issues
  • Project management experience, especially for projects affecting multiple teams
  • Experience working within an Agile environment with a strong customer focus
  • Experience setting up trainings / onboardings and running them
  • Clear written and verbal communication
  • Fluent English to work in an international environment
  • Great self-assessment mastery
  • You are eager to share your knowledge and to constantly improve yourself and learn about leadership, new technologies and concepts

 

We care about your growth and well-being

💰 Competitive Compensation Package: Generous compensation structure consisting of salary, a competitive stock option package, and various benefits and perks

☀️ Workation: Work up to 60 days per year in a country different from your home country  

💻 Learning & Development Budget

📚 Academy: Regular training sessions, access to Coursera and Babbel training courses

🙌 Our Benefits: Check them out by office here

⌚️ Flexibility: Morning person or night owl? We believe in outcome and motivated employees

🚀 Mindset & Growth: A diverse workplace with an open, international culture, and learning environment

 

Come grow with us!

We are all different and that is what makes us stronger! We hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company better.

commercetools celebrates being a diverse environment and is proud to be an equal opportunity employer. If your professional profile aligns with our specific hiring requirements and Guiding Stars, we encourage you to apply. We will assess your competencies, future potential, approach to learning and self-development and passion, and not your age, color, national origin, religion, gender, gender identity or expression, sexual orientation, familial status, genetics, or disability.


Tags: Agile APIs Application security Audits AWS Azure CCSP CISSP Cloud Compliance DAST DevSecOps GCP JavaScript Kubernetes Linux Product security Risk assessment SAST Scripting SDLC Terraform Vulnerabilities

Perks/benefits: Career development Competitive pay Home office stipend

Region: Europe
