Jobs · Information Technology · Washington

Staff Product Security Engineer

DataRobot · Seattle, WA · 1 wk ago
Information TechnologyFull-time

Key Responsibilities

  • Federal Compliance & Strategy Lead
  • Federal Security: Serve as a primary technical lead for the DataRobot Federal Group, driving the acquisition and maintenance of Authority to Operate (ATO) at FedRAMP High and DoD IL5 levels.
  • Compliance Engineering: Translate complex federal controls (NIST 800-53) into actionable engineering requirements for commercial developers.
  • Audit & Policy Management: Write and maintain security policies (SSPs) and procedures. Develop, track, and remediate Plans of Action and Milestones (POA&Ms) and provide technical evidence during third-party audits.
  • Security Engineering & Automation
  • Automate Everything: Develop custom automation to manage security tooling and implement "Secure-by-Design" processes in the CI/CD pipeline using Python or Go.
  • Container Security: Identify, design, and implement controls to safeguard our containerized production environments.
  • Tooling Management: Deploy and manage security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).
  • Threat Modeling: Review technical designs for new features, performing threat models to prioritize risks and educate developer teams on secure coding practices.
  • Customer Trust & Vulnerability Management
  • Customer Engagement: Act as the external face of DataRobot Security. Work directly with customers' security teams to resolve concerns regarding CVE exposure and architecture.
  • Customer-Centric Communication: Balance business needs with security rigor.

Knowledge, Skills, and Abilities

  • Federal Fluency: Deep understanding of the FedRAMP authorization process, NIST 800-53, and DoD Cloud Computing Security Requirements Guide (SRG).
  • Technical Proficiency: Fluent in writing code using Python or Go to build security automation. Must have a deep understanding of Linux containers (internals, security isolation). Familiarity with Kubernetes orchestration is strongly preferred. Hands-on experience with common security tools such as Semgrep, Trivy, and Burp Suite.
  • Strategic Mindset: Experience determining not just how to fix a bug, but why it happened and how to prevent it systemically.
  • Soft Skills: Strong leadership skills for guiding teams and liaising with various stakeholders.

Requisite Education and Experience

  • Citizenship: Must be a United States Citizen residing in the United States.
  • Experience: 8+ years of experience working in Information Security, with significant time spent in Product Security or AppSec roles.
  • Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).

Similar jobs