SoundCloud

Music

Principal Product Security Engineer

Berlin, Berlin, Germany Remote Friendly

The Brief

“Principal Product Security Engineer at SoundCloud. Skills: Product Security Engineering, Secure Architecture, Threat Modeling, DevSecOps, Cloud Security. Identify security anti-patterns in codebases and architecture. Drive cross-functional initiatives to address security anti-patterns”

What You'll Achieve.

Safeguarding products against emerging cyber threats

Industry & Context.

Music
Problems you'll solve

Identify and address potential vulnerabilities; Systemically address security anti-patterns; Proactively address security issues in products

What They're Looking For.

Must Have

8+ years of product or application security experience, or other relevant software engineering experience; Deep expertise in designing secure architecture; Experience conducting threat modeling exercises and secure code reviews; Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning); Experience managing bug bounty programs; Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira); Ability to effectively communicate risk to technical and non-technical audiences; Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities

Nice to Have

Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus; Experience with vulnerability management is a plus; Experience threat modelling and securing Generative AI applications

What You'll Do.

Identify security anti-patterns in codebases and architecture

Drive cross-functional initiatives to address security anti-patterns

Guide engineering and product teams on safe and responsible use of agentic AI

Automate security of SDLC and CI/CD pipelines

Secure AWS, GCP, and on-prem infrastructure

Conduct secure code reviews

Conduct threat modeling exercises

Define, implement, and oversee processes and policies in Vulnerability Management Program

Triage and drive remediation of submissions from external bug bounty program

Participate in security incident response process

Make recommendations to improve consumer security

Promote security best practices through educational initiatives

Improve internal tooling

Define Product Security program and team strategy

Mentor and onboard team members

How You'll Work.

Team & Collaboration

Collaborate cross-functionally with engineering teams; Advocate and shape security best practices across Engineering, Product, and Design (EPD) organization; Guide Engineering and Product teams; Make recommendations to external teams and stakeholders

Communication Scope

Effectively communicate risk to technical and non-technical audiences

Full Job Description

SoundCloud empowers artists and fans to connect and share through music. Founded in 2007, SoundCloud is an artist-first platform empowering artists to build and grow their careers by providing them with the most progressive tools, services, and resources. With over 400+ million tracks from 40 million artists, the future of music is SoundCloud.

We are looking for a Principal Product Security Engineer to join our Security team! As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services. You will advocate and shape security best practices across SoundCloud’s Engineering, Product, and Design (“EPD”) organization. This position offers a unique opportunity to play a direct, pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.

Key Responsibilities:

  • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them
  • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC)
  • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines
  • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails
  • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage and drive to remediation submissions from our external bug bounty program
  • Participate in our security incident response process
  • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform
  • Promote security best practices through educational initiatives such as CTFs and technical talks
  • Improve interna

How to Apply on Greenhouse

  • Create a Greenhouse profile before applying — it saves time across multiple applications.
  • Upload your resume as a PDF; the parser handles it better than Word.
  • Answer all knockout questions carefully — wrong answers auto-reject before a human sees you.
  • Enable email notifications to track application status in real time.