Jobs · Information Technology · California

Staff Product Security Engineer

DataRobot · San Francisco, CA · 1 wk ago
Information TechnologyFull-time

Key Responsibilities

  • Federal Compliance & Strategy Lead
  • Federal Security: Serve as a primary technical lead for the DataRobot Federal Group, driving the acquisition and maintenance of Authority to Operate (ATO) at FedRAMP High and DoD IL5 levels.
  • Compliance Engineering: Translate complex federal controls (NIST 800-53) into actionable engineering requirements for commercial developers.
  • Audit & Policy Management: Write and maintain security policies (SSPs) and procedures. Develop, track, and remediate Plans of Action and Milestones (POA&Ms) and provide technical evidence during third-party audits.
  • Security Engineering & Automation
    • Automate Everything: Develop custom automation to manage security tooling and implement "Secure-by-Design" processes in the CI/CD pipeline using Python or Go.
    • Container Security: Identify, design, and implement controls to safeguard our containerized production environments.
    • Tooling Management: Deploy and manage security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).
    • Threat Modeling: Review technical designs for new features, performing threat models to prioritize risks and educate developer teams on secure coding practices.
  • Customer Trust & Vulnerability Management
    • Act as the external face of DataRobot Security. Work directly with customers' security teams to resolve concerns regarding CVE exposure and architecture.
    • Customer-Centric Communication: Balance business needs with security rigor. You must be able to stand firm on security policies while maintaining strong professional relationships through clear, diplomatic, and solutions-oriented communication.

    Knowledge, Skills, and Abilities

    • Federal Fluency: Deep understanding of the FedRAMP authorization process, NIST 800-53, and DoD Cloud Computing Security Requirements Guide (SRG).
    • Technical Proficiency: Fluent in writing code using Python or Go to build security automation. Must have a deep understanding of Linux containers (internals, security isolation). Familiarity with Kubernetes orchestration is strongly preferred. Hands-on experience with common security tools such as Semgrep, Trivy, and Burp Suite.
    • Strategic Mindset: Experience determining not just how to fix a bug, but why it happened and how to prevent it systemically.
    • Soft Skills: Strong leadership skills for guiding teams and liaising with various stakeholders.

    Requisite Education and Experience

    • Citizenship: Must be a United States Citizen residing in the United States.
    • Experience: 8+ years of experience working in Information Security, with significant time spent in Product Security or AppSec roles.
    • Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).

    Benefits

    • Medical, Dental & Vision Insurance
    • Flexible Time Off Program
    • Paid Holidays
    • Paid Parental Leave
    • Global Employee Assistance Program (EAP)
    • and more!

    DataRobot Operating Principles

    • Wow Our Customers
    • Set High Standards
    • Be Better Than Yesterday
    • Be Rigorous
    • Assume Positive Intent
    • Have the Tough Conversations
    • Be Better Together
    • Debate, Decide, Commit
    • Deliver Results
    • Overcommunicate

    Attracting and Retaining Talent

    • We strive to attract and retain the best talent by providing competitive pay and benefits with our employees’ well-being at the core.
    • We encourage ALL candidates, especially women, people of color, LGBTQ+ identifying people, differently abled, and other people from marginalized groups to apply to our jobs, even if you do not check every box.

    Equal Employment Opportunity and Affirmative Action

    • We are an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

    Use of Artificial Intelligence in Our Hiring Process

    • DataRobot uses approved AI-powered tools to support the hiring process in selected regions. These tools may assist in writing job descriptions, reviewing applications, assessing qualifications, and evaluating candidate materials. All decisions regarding applications are made by members of the DataRobot team. All applicant data submitted is handled in accordance with our Applicant Privacy Policy.

Similar jobs