Lead Product Security Engineer - US Remote

San Francisco, California

Weights & Biases

WandB is a central dashboard to keep track of your hyperparameters, system metrics, and predictions so you can compare models live, and share your findings.

At Weights & Biases, our mission is to build the best developer tools for machine learning. Weights & Biases is a series C company with $250 million in funding and a rapidly growing user base. Our platform is an essential piece of the daily work for machine learning engineers, from academic research institutions like FAIR and UC Berkeley to massive enterprise teams including iRobot, OpenAI, Toyota Research Institute, Samsung, NVIDIA, Salesforce, Blue Cross Blue Shield, Lyft, and more.

Reporting to the CISO, the Lead Product Security Engineer will directly contribute to securing the Weights & Biases platform that powers our customers' MLOps workflows. Providing both tools and guidance, the Lead Product Security Engineer will enable engineers to deliver our product securely. You will also be the technical leader of our security team, responsible for mentoring and growing the team.


  • Build security into each stage of the software development lifecycle through the use of automated tools and processes
  • Collaborate with product and engineering on design reviews and threat models
  • Review code for implementation misconfigurations, vulnerabilities, and business logic flaws
  • Triage and respond to reports from our bug bounty and vulnerability disclosure program
  • Collaborate with our compliance team to mitigate risks related to security
  • Mentor and grow the security team


  • Deep understanding of modern security principles including encryption, authn/authz, vulnerability management, etc.
  • Experience building security controls into a CI/CD environment
  • Solid understanding of threat modeling techniques such as RTMP, PASTA, STRIDE, etc.
  • Experience reviewing security scans and remediating vulnerabilities
  • Experience writing software in a production setting, ideally with TypeScript, Go, and/or Python
  • Effective written and verbal communication skills
  • Experience with multiple clouds. We're primarily on GCP but also deploy into AWS and Azure
  • Willingness to both teach others and learn new techniques

We encourage you to apply even if your experience doesn't perfectly align with the job description as we seek out diverse and creative perspectives. Team members who love to learn and collaborate in an inclusive environment will flourish with us. We are an equal opportunity employer and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you need additional accommodations to feel comfortable during your interview process, reach out at careers@wandb.com.

Tags: AWS Azure C CI/CD Cloud Compliance Encryption GCP Machine Learning Product security Python SDLC TypeScript Vulnerabilities Vulnerability management

Perks/benefits: Career development

Regions: Remote/Anywhere North America
Country: United States