Product Security Engineer

at ClickHouse
📍 United States
USD 134,100-225,000 per year
MIDDLE
✅ Remote

SCRAPED

Used Tools & Technologies

Not specified

Required Skills & Competences ?

Security @ 3 Kubernetes @ 6 SQL @ 3 GCP @ 3 GitHub @ 3 Distributed Systems @ 3 AWS @ 3 Azure @ 3 API @ 3 OWASP @ 3 OSS @ 3 OLAP @ 3 Compliance @ 3

Details

ClickHouse is a leading company established in 2009 that provides an open-source column-oriented database system focused on delivering the fastest OLAP database performance globally. The platform supports real-time analytical reports via SQL, managing large data volumes efficiently. ClickHouse Cloud is trusted by many global enterprises and is available across major cloud providers like AWS, GCP, Azure, and Alibaba.

Responsibilities

  • Collaborate with engineering and product teams to enhance existing and build new product features with security focus, including threat modeling, assurance, and secure implementation.
  • Address security gaps and vulnerabilities across ClickHouse Cloud and OSS, including web, API, and server-client assets; triage bugs reported through bug bounty programs and responsible disclosure.
  • Lead security assurance initiatives such as penetration testing, vulnerability assessments, bug bounty programs, and fuzzing.
  • Implement and use engineering security tools like static/dynamic code analysis, dependency checks, and code licensing compliance (tools include Snyk, Semgrep, GitHub CodeQL).
  • Foster close engineering-security relationships and identify process and technology improvements.
  • Manage information security events and incidents related to ClickHouse products and services.
  • Develop automation and tooling to scale security processes and mitigate business risks.

Requirements

  • Experience supporting engineering and product teams through threat assessments, assurance activities, advisory, and implementation across distributed systems including web, API, and client/server assets.
  • Strong knowledge of cloud providers (AWS, GCP, Azure), Kubernetes, Cilium, and Crossplane.
  • Demonstrated experience with engineering security tools and processes such as static/dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, and fuzzing.
  • Significant development and automation skills, preferably with C++.
  • Security as code mindset focusing on automation and scalable security solutions.

Bonus Points

  • BS, MS, or PhD in Computer Science or related field.
  • Contributions to open source projects.
  • Security or cloud-related certifications (AWS, GCP, Azure).

Compensation

  • Salary ranges vary by location within the US, generally between $134,100 and $225,000 USD.

Benefits

  • Flexible work environment with global remote-friendly culture.
  • Employer healthcare contributions.
  • Equity via stock options.
  • Flexible time off policies.
  • $500 home office setup for remote employees.
  • Opportunities for in-person global gatherings.

Culture

  • Be part of the first 500 employees shaping company culture and values.

Equal Opportunity

  • ClickHouse ensures equal employment opportunity and prohibits discrimination based on various protected characteristics.

For questions on compensation, contact [email protected].