Product Security Engineer
As industries race to embrace AI, traditional database solutions fall short of rising demands for versatility, performance, and affordability. Couchbase is leading the way with Capella, the developer data platform for critical applications in our AI world. By uniting transactional, analytical, mobile, and AI workloads into a seamless, fully managed solution, Couchbase empowers developers and enterprises to build and scale applications with unmatched flexibility, performance, and cost-efficiency—from cloud to edge. Trusted by over 30% of the Fortune 100, Couchbase is unlocking innovation, accelerating AI transformation, and redefining customer experiences. Come join our mission.
The Product/Application Security Engineer will be responsible for advocating secure SDLC and AI security practices. You will be responsible for threat modeling and security testing to ensure the delivery of secure product releases. You will evaluate application environments to ensure they are being designed and deployed in compliance with industry standards and best practices. You will collaborate closely with Product Management, Engineering, SRE, Project Managers, and others, in determining and ensuring that security requirements for product releases are met as part of all phases of the secure software development lifecycle (SSDLC) process.
You are a software developer at heart with a strong passion for security. You will work with multiple engineering teams to standardize, implement, and enhance product security. You will take an active role in training and spreading awareness to help build a security-first culture. You will be responsible for supporting application security tool deployments and recommending improvements to the tools and processes established within our application security framework to increase efficiency and mature the program.
Key Responsibilities
- Perform security software architecture reviews and integrate threat modeling and abuse cases into the SDLC; advise on and implement secure software architecture patterns.
- Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.
- Integrate application security tools within existing development, build, and deployment processes.
- Conduct dynamic & static code scan reviews and run-time tests.
- Assist with the planning and execution of application penetration tests.
- Interface and collaborate with Engineering, Cloud, and SOC teams during security incidents.
- Drive the remediation of security vulnerabilities in the products within defined SLAs.
- Assist in completing RFP security questionnaires.
Desired Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 3-5 years of experience focused in the areas of software engineering, application security, cloud security, and related disciplines.
- Solid understanding of secure coding principles (e.g., OWASP Top 10, OWASP SAMM) and Agile software development practices.
- Familiarity with various software development & automation tools (e.g., GitHub, Jira, Jenkins, Qualys, SonarQube, Snyk, Sysdig, Veracode, Black Duck).
- A good understanding of threat modeling and how to mitigate application security risks.
- Knowledge of vulnerability management including CVSS scoring and CVEs across open source and third-party software and supply chains.
- Strong understanding of various types of cloud service models (IaaS, PaaS, SaaS). In addition, experience with security features in AWS, Azure, and GCP infrastructure is desirable.
- Good understanding of SSO, including OAuth and SAML.
- Database & mobile security experience is a plus.
- Industry certifications such as OSCP, CEH, CISSP, CISM, AWS Certified Security, Azure Security, and Google Cloud Security Engineer are considered a plus.
- Highly effective written and oral communication skills.
- Strong project management skills and ability to work independently on engagements.
- Generous Time Off Program - Flexibility to care for you and your family
- Wellness Benefits - A variety of world class medical plans to choose from, along with dental, vision, life insurance, and employee assistance programs*
- Financial Planning - RSU equity program*, ESPP program*, Retirement program* and Business Travel Insurance
- Career Growth - Be valued, Create value approach
- Fun Perks - An ergonomic and comfortable in-office / WFH setup. Food & Snacks for in-office employees.
- And much more!