Staff Product Security Engineer
DataRobot · Boston, MA · 6 days ago
Information TechnologyFull-time
Key Responsibilities
- Federal Compliance & Strategy Lead
- Federal Security: Serve as a primary technical lead for the DataRobot Federal Group, driving the acquisition and maintenance of Authority to Operate (ATO) at FedRAMP High and DoD IL5 levels.
- Compliance Engineering: Translate complex federal controls (NIST 800-53) into actionable engineering requirements for commercial developers.
- Audit & Policy Management: Write and maintain security policies (SSPs) and procedures. Develop, track, and remediate Plans of Action and Milestones (POA&Ms) and provide technical evidence during third-party audits.
- Security Engineering & Automation
- Automate Everything: Develop custom automation to manage security tooling and implement "Secure-by-Design" processes in the CI/CD pipeline using Python or Go.
- Container Security: Identify, design, and implement controls to safeguard our containerized production environments.
- Tooling Management: Deploy and manage security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).
- Threat Modeling: Review technical designs for new features, performing threat models to prioritize risks and educate developer teams on secure coding practices.
- Customer Trust & Vulnerability Management
- Act as the external face of DataRobot Security. Work directly with customers' security teams to resolve concerns regarding CVE exposure and architecture.
- Customer-Centric Communication: Balance business needs with security rigor. You must be able to stand firm on security policies while maintaining strong professional relationships through clear, diplomatic, and solutions-oriented communication.
- Federal Fluency: Deep understanding of the FedRAMP authorization process, NIST 800-53, and DoD Cloud Computing Security Requirements Guide (SRG).
- Technical Proficiency: Fluent in writing code using Python or Go to build security automation. Must have a deep understanding of Linux containers (internals, security isolation). Familiarity with Kubernetes orchestration is strongly preferred. Hands-on experience with common security tools such as Semgrep, Trivy, and Burp Suite.
- Strategic Mindset: Experience determining not just how to fix a bug, but why it happened and how to prevent it systemically.
- Soft Skills: Strong leadership skills for guiding teams and liaising with various stakeholders.
- Citizenship: Must be a United States Citizen residing in the United States.
- Experience: 8+ years of experience working in Information Security, with significant time spent in Product Security or AppSec roles.
- Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).