Principal Product Security Engineer
Posted Apr 29
Palo Alto, United States
On-site
Responsibilities
- Lead and evolve Obsidian’s product security program, including standards, runbooks, technical documentation, and operational practices.
- Drive security architecture reviews, threat modeling, secure coding practices, and scalable security design reviews.
- Integrate security deeply into the SDLC through code review, SAST/DAST, fuzzing, SBOMs, dependency scanning, and CI/CD security controls.
- Improve security automation, monitoring, metrics, dashboards, and reporting.
- Lead technical response for product security incidents, vulnerability remediation, penetration testing, and red team findings.
- Support customer and prospect security reviews as a senior technical security expert.
About Obsidian Security
Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce, and hundreds more. Backed by top investors including Greylock, Norwest Venture Partners, and IVP, we’ve built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source.
Our team includes leaders who helped define the categories of endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, we’re transforming how SaaS is secured—in the era of agentic AI. Today, Obsidian is trusted by global enterprises like Snowflake, T-Mobile, and Pure Storage.
We protect more than 200 organizations across North America, Europe, the Middle East, Southeast Asia, Australia, and New Zealand—including many of the world’s largest Fortune 1000 and Global 2000 companies. With strong global momentum, a growing partner ecosystem including SentinelOne, Databricks, and Google Cloud, and a major fundraise on the horizon, we’re scaling quickly toward long-term growth and IPO readiness.
Requirements
- Partner with infrastructure teams to harden AWS, GCP, Kubernetes, GitLab, Terraform, data pipelines, secrets management, and service-to-service access controls.
- experience in cloud-native environments, ideally in cybersecurity, financial services, or another high-security industry.
- Strong software engineering skills, especially in Python.
- Hands-on expertise with Terraform, Kubernetes, AWS, GCP, GitLab, security automation, and security metrics.