Product Security Engineer

SoundCloud is a next-generation music entertainment company powered by an ecosystem of artists, fans, and thriving communities on the pulse of what's new, now and next in culture. As one of the world's most influential cultural platforms, SoundCloud holds a singular market position as both a music-streaming service with the largest catalog of music and an artist services and distribution business to help artists grow long-term, successful careers.

We are looking for a Product Security engineer to join our Security team!

As a Product Security Engineer, you will collaborate with cross-functional engineering teams to identify and address potential vulnerabilities and implement robust security measures in our products and services. You can advocate and shape security best practices across SoundCloud's Engineering, Product, and Design ("EPD") organization. This position has a unique opportunity to play a direct and pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.

Key Responsibilities:

• Promote and implement security best practices in a collaborative manner with product and engineering teams.

• Conduct penetration testing, code reviews, and threat modeling to identify and remediate potential security vulnerabilities

• Collaborate with engineering and operations teams to develop the standards for security across our portfolio of products, applications, and services

• Participate and lead aspects of consumer-facing security incident response and investigations

• Ensure processes associated with critical systems/services are documented, maintained, and archived

• Ability to examine log sources to identify attack patterns and develop countermeasures

• Manage the external bug bounty program for the organization and collaborate with product and engineering teams to validate and remediate submissions

• Help establish metrics to demonstrate security proficiencies across teams and products

• Other duties as required

Requirements:

• 6+ years of relevant software engineering and/or application or product security experience

• Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products

• Experience in conducting security assessments, including penetration testing and vulnerability scanning, code reviews, and practical threat modeling for consumer applications

• Familiarity with security tools such as Nessus, Burp Suite, and web application firewalls

• Familiarity with languages such as Javascript, Go, Ruby, and Scala

• Experience in secure coding practices and secure development methodologies

• Experience with bug bounty programs as an administrator or researcher

• Experience working with cloud providers (AWS, GCP) and SaaS solutions (GitHub)

• Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, ISO 27001, and OWASP

• Strong verbal and written communication skills

The salary range for this role is $140,000 - $160,000 annually. The final salary offered will be determined based on relative experience, skills, internal equity, and location. We also offer a generous total rewards program - read more about additional benefits and perks below!

About us:

• We are a multinational company with offices in the US (New York and Los Angeles), Germany (Berlin), and the UK (London)

• We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home

• We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone's voice, perspective and experience is respected and heard

• We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities

Benefits:

• Comprehensive health benefits including medical, dental, and vision plans, as well as mental health resources

• Robust 401k program

• Employee Stock Ownership Plan

• Generous professional development allowance

• Interested in a gym membership, photography course or book? We have a Creativity and Wellness benefit!

• Flexible vacation and public holiday policy where you can take up to 35 days of PTO annually

• 16 paid weeks for all parents (birthing and non-birthing), regardless of gender, to welcome newborns, adopted and foster children

• Various snacks, goodies, and 2 free lunches weekly when at the office

Diversity, Equity and Inclusion at SoundCloud

SoundCloud is for everyone. Diversity and open expression are fundamental to our organization; they help us lead what's next in music by understanding and empowering our creators and fans, no matter their identity. We acknowledge the challenges in the music industry, and strive to influence an inclusive culture where everyone can contribute respectfully and thrive, especially the historically marginalized communities that many of our creators, fans and SoundClouders identify with. We are dedicated to creating an inclusive environment at SoundCloud for everyone, regardless of gender identity, sexual orientation, race, ethnicity, migration background, national origin, age, disability status, or care-giver status.

At SoundCloud you can find your community or elevate your allyship by joining a Diversity Resource Group. Diversity Resource Groups are employee-organized groups focused on supporting and promoting the interests of a particular underrepresented community in order to build a more inclusive culture at SoundCloud. Anyone can join, whether you share the identity or strive to be an ally.