Lead Product Security Engineer

Key Responsibilities:

1. Leadership & Strategy:

• Champion security culture and coach teams on secure product design

• Lead the development and implementation of CDKs product security strategy

• Design and implement technology and processes supporting CDKs product security strategy

• Effectively partner across security, technology, and business teams

• Provide technical security leadership to product teams

• Develop effective product security metrics and use them to drive improvements

2. Product Security Standards:

• Guide the development and continuous improvement of product security standards and guidelines in alignment with risk and compliance requirements

• Drive accurate measurement and reporting of CDKs compliance with product security standards

• Drive adoption of product security standards across product, technology, and infrastructure teams

3. Product Security Architecture and Engineering:

• Lead and evolve product threatmodeling practices (STRIDE, PASTA, attack trees, etc.)
• Guide development of secure product architecture practices across technology teams

• Develop repeatable engineering and automation patterns to enable secure by default design

• Solve challenging product and application security problems

4. Security Operations:

• Work with CDK Security Operations team to identify and enable detection for advanced application security problems

• Drive good development practices in orchestration and automation of macro response workflows

• Be a force multiplier in rare product security incident scenarios

5. Data-Driven Security:

• Help wrangle and correlate security data from multiple tools; prototype metrics, dashboards, or ML models that reveal real risk trends.
• Advise on data quality, cleansing, and correlation strategies.

Required Qualifications:

Education:

• Bachelors degree in Computer Science or Information Security, or an equivalent experience

• 8+ years overall in software / security engineering, including 5+ years focused on product or application security in complex SaaS or ecommerce environments.
• Demonstrated ownership of threat modeling for modern cloud architectures (microservices, serverless, containers).
• Proven ability to drive security architecture and standards autonomously.
• Handson experience with at least one major public cloud and IaC (Terraform, CloudFormation, ARM, etc.).
• Excellent written and verbal communication skills; able to translate deep technical issues into businessfocused recommendations.

• Prior work with dataprivacy or dataprotection regulations (GDPR, CCPA, DPDPIndia, etc.).
• Data science / analytics chops: experience cleaning, correlating, or modeling large security datasets.
• Strong softwareengineering background, especially in Python (automation, data pipelines, small tools).
• Familiarity with secure SDLC and AppSec scanning pipelines (SAST, DAST, SCA, container security).
• Experience mentoring or leading distributed teams.