Jobs · Information Technology · Massachusetts

Staff Product Security Engineer

DataRobot · Boston, MA · 6 days ago
Information TechnologyFull-time

Key Responsibilities

  • Federal Compliance & Strategy Lead
  • Federal Security: Serve as a primary technical lead for the DataRobot Federal Group, driving the acquisition and maintenance of Authority to Operate (ATO) at FedRAMP High and DoD IL5 levels.
  • Compliance Engineering: Translate complex federal controls (NIST 800-53) into actionable engineering requirements for commercial developers.
  • Audit & Policy Management: Write and maintain security policies (SSPs) and procedures. Develop, track, and remediate Plans of Action and Milestones (POA&Ms) and provide technical evidence during third-party audits.
  • Security Engineering & Automation
    • Automate Everything: Develop custom automation to manage security tooling and implement "Secure-by-Design" processes in the CI/CD pipeline using Python or Go.
    • Container Security: Identify, design, and implement controls to safeguard our containerized production environments.
    • Tooling Management: Deploy and manage security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).
    • Threat Modeling: Review technical designs for new features, performing threat models to prioritize risks and educate developer teams on secure coding practices.
  • Customer Trust & Vulnerability Management
    • Act as the external face of DataRobot Security. Work directly with customers' security teams to resolve concerns regarding CVE exposure and architecture.
    • Customer-Centric Communication: Balance business needs with security rigor. You must be able to stand firm on security policies while maintaining strong professional relationships through clear, diplomatic, and solutions-oriented communication.

    Knowledge, Skills, and Abilities

    • Federal Fluency: Deep understanding of the FedRAMP authorization process, NIST 800-53, and DoD Cloud Computing Security Requirements Guide (SRG).
    • Technical Proficiency: Fluent in writing code using Python or Go to build security automation. Must have a deep understanding of Linux containers (internals, security isolation). Familiarity with Kubernetes orchestration is strongly preferred. Hands-on experience with common security tools such as Semgrep, Trivy, and Burp Suite.
    • Strategic Mindset: Experience determining not just how to fix a bug, but why it happened and how to prevent it systemically.
    • Soft Skills: Strong leadership skills for guiding teams and liaising with various stakeholders.

    Requisite Education and Experience

    • Citizenship: Must be a United States Citizen residing in the United States.
    • Experience: 8+ years of experience working in Information Security, with significant time spent in Product Security or AppSec roles.
    • Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).

Similar jobs