Principal Product Security Engineer

Berlin, London
SoundCloud empowers artists and fans to connect and share through music. Founded in 2007, SoundCloud is an artist-first platform empowering artists to build and grow their careers by providing them with the most progressive tools, services, and resources. With 400+ million tracks from 40 million artists, the future of music is SoundCloud.
 
We are looking for a Principal Product Security Engineer to join our Security team!
 
As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services. You will advocate and shape security best practices across SoundCloud’s Engineering, Product, and Design (“EPD”) organization. This position offers a unique opportunity to play a direct, pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.

Key Responsibilities:

  • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them
  • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC)
  • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines
  • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails 
  • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage submissions from our external bug bounty program and drive them to remediation
  • Participate in our security incident response process
  • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform
  • Promote security best practices through educational initiatives such as CTFs and technical talks
  • Improve internal tooling, processes, and documentation
  • Help to define the Product Security program and team strategy
  • Mentor and onboard team members

Experience and Background:

  • 8+ years of product or application security experience, or other relevant software engineering experience
  • Deep expertise in designing secure architecture
  • Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products
  • Experience conducting threat modeling exercises and secure code reviews
  • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
  • Experience managing bug bounty programs
  • Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala
  • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
  • Familiarity with IaC tools such as Terraform and CloudFormation
  • Ability to effectively communicate risk to technical and non-technical audiences
  • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities
  • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP, is a plus
  • Experience with vulnerability management is a plus
  • Experience threat modeling and securing Generative AI applications & use cases in the context of the EU AI Act is a plus
  • Experience with data governance is a plus

About us:

  • We are a multinational company with offices in the US (New York and Los Angeles), Germany (Berlin), and the UK (London)
  • We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home
  • We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone’s voice, perspective and experience is respected and heard.
  • We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities

Benefits:

  • Not located in Berlin? No worries, we offer extensive relocation support including allowances, one-way flights, temporary accommodation and, by partnering with Expath, on-the-ground support on arrival
  • Interested in a gym membership, photography course or book? We have a Creativity and Wellness benefit!
  • Employee Equity Plan
  • Generous professional development allowance
  • Flexible vacation and public holiday policy where you can take up to 35 days of PTO annually
  • Various snacks, goodies, and 2 free lunches weekly when at the office

Diversity, Equity and Inclusion at SoundCloud

SoundCloud is for everyone. Diversity and open expression are fundamental to our organization; they help us lead what’s next in music by understanding and empowering our creators and fans, no matter their identity. We acknowledge the challenges in the music industry, and strive to influence an inclusive culture where everyone can contribute respectfully and thrive, especially the historically marginalized communities that many of our creators, fans and SoundClouders identify with. We are dedicated to creating an inclusive environment at SoundCloud for everyone, regardless of gender identity, sexual orientation, race, ethnicity, migration background, national origin, age, disability status, or care-giver status.

At SoundCloud you can find your community or elevate your allyship by joining a Diversity Resource Group. Diversity Resource Groups are employee-organized groups focused on supporting and promoting the interests of a particular underrepresented community in order to build a more inclusive culture at SoundCloud. Anyone can join, whether you share the identity or strive to be an ally.

When you apply to a job on this site, the personal data contained in your application will be collected by SoundCloud Inc. (located at 71 5th Avenue, 5th Floor, New York, 10003, NY, USA) if you are applying from the US, and SoundCloud Global Limited & Co. KG (located at Rheinsberger Str. 76/77, 10115 Berlin, Germany) if you are applying from outside the US (“SoundCloud”). SoundCloud's data protection officer can be contacted by emailing dataprotection@soundcloud.com. 

Purposes of Processing and Legal Basis

Your personal data will be processed for the purposes of managing SoundCloud’s recruitment-related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereof, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(b) of Regulation (EU) 2016/679 (General Data Protection Regulation), § 26 BDSG, as necessary for the establishment of an employment relationship.

We have marked the required data for the application procedure accordingly, or referred you to the relevant sections. If you provide voluntary data that is not covered here in your CV or elsewhere, the basis for this is your consent (Art. 6 (1) (a) GDPR).

 

Data Transfer

SoundCloud will share your data with the responsible employees of its People Team and with employees otherwise involved in your application process.

Furthermore, external companies may process your personal data on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. Categories of recipients in this case are Internet service providers, providers of employee management systems and software, and providers of software that we use in all departments (e.g., video conferencing software).

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by SoundCloud to help manage its recruitment and hiring process on SoundCloud’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under standard contractual clauses. By submitting your application, you expressly consent to your data being transferred to the USA for processing as described above.

 

Retention Period

If we enter into employment with you after the application process, we will not delete your information until the employment ends. Otherwise, we will delete your data no later than six months after filling the position. If you have given us your consent to also use your data for further application procedures, we will only delete your data one year after receiving your application.

Your Rights 

Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have the right to data portability and the right to object. You also have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In addition, you may lodge a complaint with an EU supervisory authority.

