Lead Product Security Engineer

Position Title: Lead Product Security Engineer

As our LeadProductSecurityEngineer youll own threat modeling, securebydesign guidance, and handson engineering for an industryleading SaaS platform that powers automotive retail for millions of users. You’ll work autonomously, partner closely with our Application Security (AppSec) scanning team, and influence product teams across the company—from design through incident response.

Working hours:

Key Responsibilities

1. Leadership & Strategy:

• Champion security culture and coach teams on secure product design
• Lead the development and implementation of CDK’s product security strategy
• Design and implement technology and processes supporting CDK’s product security strategy
• Effectively partner across security, technology, and business teams
• Provide technical security leadership to product teams
• Develop effective product security metrics and use them to drive improvements

2. Product Security Standards:

• Guide the development and continuous improvement of product security standards and guidelines in alignment with risk and compliance requirements
• Drive accurate measurement and reporting of CDK’s compliance with product security standards
• Drive adoption of product security standards across product, technology, and infrastructure teams

3. Product Security Architecture and Engineering:

• Lead and evolve product threatmodeling practices (STRIDE, PASTA, attack trees, etc.)
• Guide development of secure product architecture practices across technology teams
• Develop repeatable engineering and automation patterns to enable “secure by default” design
• Solve challenging product and application security problems

4. Security Operations:

• Work with CDK Security Operations team to identify and enable detection for advanced application security problems
• Drive good development practices in orchestration and automation of macro response workflows
• Be a force multiplier in rare product security incident scenarios

5. Data-Driven Security:

• Help wrangle and correlate security data from multiple tools; prototype metrics, dashboards, or ML models that reveal real risk trends.
• Advise on data quality, cleansing, and correlation strategies.

Required Qualifications:

Education:

• Bachelor’s degree in Computer Science or Information Security, or an equivalent experience

Experience:

• 8+ years

  overall in software / security engineering, including

  5+ years

  focused on product or application security in complex SaaS or ecommerce environments.
• Demonstrated ownership of

  threat modeling

  for modern cloud architectures (microservices, serverless, containers).
• Proven ability to drive security architecture and standards

  autonomously.

• Handson experience with at least one major public cloud and IaC (Terraform, CloudFormation, ARM, etc.).
• Excellent written and verbal communication skills; able to translate deep technical issues into businessfocused recommendations.

Nicetohave:

• Prior work with dataprivacy or dataprotection regulations (GDPR, CCPA, DPDPIndia, etc.).

• Data science / analytics

  chops: experience cleaning, correlating, or modeling large security datasets.
• Strong softwareengineering background, especially in

  Python

  (automation, data pipelines, small tools).
• Familiarity with secure SDLC and AppSec scanning pipelines (SAST, DAST, SCA, container security).
• Experience mentoring or leading distributed teams.

Why join us?

• Impact at scale

  – Your work secures a platform that processes billions of dollars in automotive transactions yearly.

• Autonomy & ownership

  – We hire experts and trust them to deliver.

• Global collaboration

  – Work with top engineers across India and North America, shaping security practices companywide.

• Growth

  – Influence adjacent initiatives in data security, metrics, and architecture alongside our Principal Security Architect.