ClickHouse is hiring a
Product Security Engineer

Summary

The job is for a Security Practitioner in the Security Team of ClickHouse, a high-performance database management system company. The role involves improving security posture, identifying vulnerabilities, developing security assurance activities, implementing engineering security tools, handling information security events, and driving processes to scale security.

Requirements

• Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
• Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
• Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
• Significant development and automation experience, ability to work with C++ code

Responsibilities

• Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
• Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
• Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
• Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
• Nurture the engineering - security relationship, identify and implement process and technology improvements
• Handle information security events and incidents across ClickHouse products and services
• Develop processes, tooling and automation to scale security processes and mitigate risks to the business

Preferred Qualifications

• BS, MS, or PhD in Computer Science or related field
• Previous contributions to open source projects
• Security or cloud related certifications (AWS, GCP, Azure)

Benefits

• Flexible work environment - ClickHouse is a distributed company offering remote-first work to all employees
• Healthcare - Employer contributions towards your healthcare
• Equity in the company - Every new team member who joins our company receives stock options
• Time off - Flexible time off in the US, generous entitlement in all countries
• A $500 Home office setup. if you’re a remote employee
• Employee-driven international mobility - we enable you to relocate internationally if you wish (within certain countries and timelines and subject to role requirements, time zones and work permit considerations)