Back to jobs
New

Senior Security Automation Engineer

Netherlands (remote)

About ClickHouse

Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads.

The company’s sustained, accelerating momentum was recently validated by a $400M Series D financing round. Over the past three months, customers including Capital One, Lovable, Decagon, Polymarket, and Airwallex have adopted the platform or expanded existing deployments. These customers join an established base of AI innovators and global brands such as Meta, Cursor, Sony, and Tesla.

We’re on a mission to transform how companies use data. Come be a part of our journey!

The Security organization at ClickHouse is built around a single mission: build customer trust through resilient, pragmatic security. We are establishing a new, centralized Security Automation capability—a dedicated function responsible for delivering automation work across all product lines and engineering dimensions at ClickHouse, acting as a technical force multiplier for our Security, Identity, and GRC functions.

This capability exists to solve a real problem: as we scale and mature, we must move beyond manual evidence gathering, point-in-time audits, and disconnected identity workflows. We are creating a focused, empowered team that owns security and identity automation end-to-end—from architecture and design through to implementation and delivery.

About the role

We are looking for an experienced Senior Security Automation Engineer to build the underlying automation fabric that allows our Security teams to scale. You will build a Universal Provisioning Engine and custom integration layers that satisfy external auditors while keeping internal teams focused on shipping features.

You will eliminate the engineering "interruption tax," provide leadership with a real-time, data-driven view of our risk posture, and ensure continuous compliance with zero audit surprises. By solving the "Last-Mile Gap" in identity provisioning and extending compliance tools into our proprietary applications, you will ensure our most critical controls are continuously validated with programmatic precision.

What you will do:

Build the Security Telemetry and Risk Fabric

  • Control Design: Translate control frameworks into layered control implementations that prevent risks from being exploited and detect possible weaknesses within control design. Shift from reactive monitoring to self-healing security, preventing compliance drift before it becomes an audit finding.
  • Security Telemetry: Engineer a centralized security telemetry system that programmatically captures control evidence and health in real-time, transitioning from manual snapshots to continuous data streams for an 'always-on' view of our security posture.
  • Custom Assurance Logic: Engineer specialized automation that acts as its own continuous audit function to minimize findings and provide real-time insights into our automated control performance. Extend visibility into our proprietary applications and complex internal workflows, ensuring our most critical controls are continuously validated. 
  • Agentic Risk Engine: Partner with our risk management function to build a secure mechanism to generate agentic risk assessments workflows using the data and results from what is collected.

Architect Universal Identity and Access Automation

  • Universal Provisioning Connectors: Architect solutions for systems that lack native IGA support (proprietary databases, custom apps, and niche SaaS) to ensure instant account creation and de-provisioning—eliminating tickets, wait-times, and providing maximum observability into the state of Clickhouse identities.
  • Customer-Approved Access Workflows: Architect the complex, high-trust workflows required for support teams to access customer-specific instances, ensuring actions are customer-approved, strictly time-bound, and automatically revoked via a "Trust-by-Design" model.
  • Centralized Security Visibility: Transition "hidden" access managed by disparate business units into a single, observable permissions inventory, gaining 100% visibility into permissions at the authZ level across our full suite of applications.
  • Automated Secret Discovery & Inventory: Develop automation to continuously discover and inventory secrets, credentials, and API keys throughout the environment, providing aging and rotation intervals for long lived keys.
  • Eliminate "Ghost Accounts": Mitigate audit risks by ensuring automated de-provisioning for local identities, API keys, and persistent permissions across all target systems.

Partner Across Security, Engineering and Product

  • Work in tandem with GRC, Finance, and Security to build custom, bulletproof automation for compliance with different audit frameworks.
  • Eliminate the "Productivity Anchor" by removing manual provisioning workflows that slow down projects and flood teams with low-value administrative tickets.

What you bring along:

Security & Automation Engineering Depth

  • Strong hands-on background in security automation and identity engineering (IAM/IGA). 
  • Strong proficiency in at least one commonly used programming language to build scalable automation. Experience with Python, JavaScript (TypeScript highly preferred), or Go is required.
  • Experience building scalable and reliable automation ecosystems
  • Familiarity with compliance automation, continuous control monitoring, and extending GRC tools to meet the granular requirements of a variety of compliance frameworks.
  • Understanding of risks associated with change management, logical access, and data integrity.

Execution and Delivery

  • Demonstrated ability to translate complex security/GRC mandates into automated workflows and self-healing technical guardrails.
  • Strong instincts for eliminating operational friction and the engineering "interruption tax."
  • Experience delivering continuous data streams for security posture and risk validation.

Bonus Points:

  • BS, MS, or PhD in Computer Science or related field.
  • Previous experience at a cloud infrastructure, database, or developer tools company.
  • Experience with AI/Agentic risk engines and non-deterministic risk assessments.




Compensation

For roles based in the United States, the typical starting salary range for this position is listed above. In certain locations, such as the San Francisco Bay Area and the New York City Metro Area, a premium market range may apply, as listed.

These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments.

An individual’s placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization.

If you have any questions or comments about compensation as a candidate, please get in touch with us at paytransparency@clickhouse.com.

Perks

  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in over 20 countries.
  • Healthcare - Employer contributions towards your healthcare.
  • Equity in the company - Every new team member who joins our company receives stock options.
  • Time off - Flexible time off in the US, generous entitlement in other countries.
  • A $500 Home office setup if you’re a remote employee.
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.

Culture - We All Shape It

As part of a rapidly scaling start up, you will be instrumental in shaping our culture. 

Are you interested in finding out more about our culture?  Learn more about our values here.  Check out our blog posts or follow us on LinkedIn to find out more about what’s happening at ClickHouse.

Equal Opportunity & Privacy 

ClickHouse provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type based on factors such as race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

Please see here for our Privacy Statement.

Create a Job Alert

Interested in building your career at ClickHouse? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in ClickHouse’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.