Pinecone is hiring a
Staff Product Security Engineer, Remote - United States

Summary

The job is for a Staff Product Security Engineer at Pinecone who will secure cloud infrastructure, improve secdevops function, and conduct secure design reviews. The role involves working with various teams to identify security risks and develop solutions. As the company grows, this role may lead the Product Security Engineering department.

Requirements

• Strong Experience with administration and securing of one or more cloud environments (Google Cloud Platform, AWS, Azure)
• Clear understanding of cloud computing services/deployment architecture and infrastructure as code
• Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies or development of new products and their features
• Ability to communicate ideas and proposals concisely, both verbally and written, to senior staff members
• Experience Implementing SecDevOps across Organizations
• Container (Kubernetes/Docker) and service mesh (istio, linkerd) experience
• Experience with software vulnerabilities, how CVEs are reported, and how they relate to specific system packages and remediations
• Fluent in one or more Programming skills
• A wealth of experience with information security standards & methodologies
• Ability to distill complex security problems and drive toward creative solutions
• Strong organizational and relationship skills

Responsibilities

• Partner with different stakeholders across the organization to secure cloud infrastructure, improve secdevops function, and complete secure design reviews for products
• Work closely with engineers across various domains of the Pinecone infrastructure, driving a culture of empowering engineers to have strong security ownership of their products and services through the development of security resources and tools that help promote a secure by default model
• Identify security risks that can impact our overall security posture, collaborate with teams to develop security solutions and standards to mitigate these risks to our customers and their data

Preferred Qualifications

• Exposure to machine learning applications
• Familiarity with SOC2, NIST, and ISO standards
• CISSP Certification
• Web server/client architecture and implementation experience (OpenAPI/Swagger, gRPC)