Tech Stack

Description

As a Product Security Engineer at ClickHouse, you will collaborate with engineering and product teams to improve the security posture of our platforms and services. You'll conduct threat modeling, identify vulnerabilities, drive security tooling adoption, and help build secure product features for a leading real-time analytics company.

Requirements

• Experience supporting engineering teams with threat assessments, assurance activities, and implementation across distributed systems (web, API, client/server)
• Strong knowledge of AWS, GCP, or Azure, plus Kubernetes and Cilium
• Experience with engineering security tools like static/dynamic analysis, SCA, SBOM, OWASP SAMM, and fuzzing
• Significant development and automation experience, ability to work with C++ code
• Security as code mindset focused on automation and scale

Responsibilities

• Collaborate with engineering and product on threat modeling and secure implementation of features like key management, authentication, and sandboxing
• Identify security gaps in ClickHouse Cloud and OSS, triage vulnerabilities from bug bounty and responsible disclosure
• Improve security assurance activities including pentests, vulnerability assessments, and fuzzing
• Drive adoption of engineering security tools (Snyk, Semgrep, GitHub CodeQL) for static/dynamic analysis and dependency checks
• Handle information security events and incidents across products and services