Senior Product Security Engineer

SoundCloud empowers artists and fans to connect and share through music. Founded in 2007, SoundCloud is an artist-first platform providing artists with tools, services, and resources to build their careers. With over 400 million tracks from 40 million artists, SoundCloud is shaping the future of music.

We are seeking a ProdSec Engineer to join our Security team. As a Product Security Engineer, you will collaborate with engineering teams to identify vulnerabilities and implement security measures in our products. You will advocate for security best practices across SoundCloud’s Engineering, Product, and Design teams, playing a pivotal role in safeguarding our platform, artists, creators, and listeners.

Key Responsibilities:

• Conduct code reviews and threat modeling to identify vulnerabilities.
• Automate security within our Software Development Lifecycle.
• Manage processes and policies in our Vulnerability Management Program.
• Handle triage and remediation for bug bounty submissions.
• Participate in security incident response.
• Advise teams on improving consumer security.
• Identify security anti-patterns and recommend improvements.
• Guide teams on the secure use of Generative AI.
• Promote security best practices through educational initiatives.
• Enhance internal tooling, processes, and documentation.
• Mentor new team members.

Experience and Background:

• 5+ years in product/application security or relevant software engineering.
• Passion for collaborating on security issues.
• Experience with threat modeling and code reviews.
• Knowledge of DevSecOps tools (SAST, SCA, Secret Scanning).
• Experience managing bug bounty programs.
• Familiarity with languages like JavaScript, Go, Ruby, Python, or Scala.
• Experience with cloud providers (AWS, GCP) and tools like GitHub, Jira.
• Knowledge of IaC tools such as Terraform.
• Ability to communicate risks effectively.
• Experience with SQL and vulnerability impact analysis.
• Knowledge of security frameworks and regulations (GDPR, CCPA, SOC2, NIS2, OWASP) is a plus.
• Experience in vulnerability management and threat modeling for Generative AI is a plus.

The salary range is $140,000 - $180,000 annually, based on experience and location. We offer a comprehensive rewards program and benefits.