Product Security Engineer

Summary

Join Calendly's growing Security team as a Product Security Engineer and contribute to building a robust security practice from the ground up. You will be responsible for ensuring the security of Calendly's products and infrastructure, implementing security automation, and driving security improvements across the company. This role involves assessing and elevating cloud infrastructure security posture, securing workloads in Google Kubernetes Engine, defining security requirements for new deployments, and contributing to the team's automated tooling. You will also engage with stakeholders on security strategy and tactics, support the bug bounty program, and conduct security reviews.

Requirements

• Experience in cloud infrastructure (especially GCP), software development, and/or security experience at a SaaS or technology company
• Working knowledge for securing common patterns for cloud native applications on Kubernetes
• Experience with a variety of security tools (SAST, DAST, ASPM, SCA, etc) and OWASP top ten vulnerabilities
• Experience guiding product, engineering, or infrastructure stakeholders in delivering secure features
• Experience in at least one modern programming languages (Ruby, Python, Go, C#, etc.)
• Experience articulating security principles and practices to technical and non-technical audiences
• Understanding of the Linux operating system, and systems engineering fundamentals
• Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time

Responsibilities

• Assessing and elevating our cloud infrastructure security posture
• Implementing Google Cloud Platform security best practices and experience at scale
• Securing workloads in Google Kubernetes Engine using both native GCP and 3rd party software/tools
• Defining and communicating security requirements for new deployments, as well as standardizing security measures for common infrastructure patterns
• Contributing to the Product Security team’s automated tooling
• Introducing systemic and fundamental security and privacy controls in Calendly’s software and infrastructure
• Actively engaging with infrastructure, product, and engineering stakeholders regarding security strategy and tactics
• Supporting our bug bounty program and conducting security reviews

Benefits

• Quarterly Corporate Bonus program (or Sales incentive)
• Equity awards
• Competitive benefits