Job Details

divh2Product Security Engineer/h2pRecognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With over 2,000 customers and ARR that has more than quadrupled over the past year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads. ClickHouses incredible momentum was confirmed in its recent $350M Series C financing that included new, tier one investors, Khosla Ventures, BOND, IVP, Battery Ventures and Bessemer Venture Partners. Were on a mission to transform how companies use data. Come be a part of our journey!/ph3About the Team/h3pThe Security Team is responsible for providing key security capabilities covering application, cloud and enterprise security, incident response, detection and GRC. Our team is looking for an experienced, hands-on security practitioner, who will drive the adoption of modern security processes and tooling, with focus on supporting our engineering and product teams in improving the security posture of our platforms and services./ppWhat You Will Do:/pulliCollaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation, some examples of recent work include implementation of secure key management, passwordless authentication, m2m authentication, sandboxing and compute/network/storage isolation/liliIdentify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows/liliImprove and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing/liliDrive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)/liliNurture the engineering - security relationship, identify and implement process and technology improvements/liliHandle information security events and incidents across ClickHouse products and services/liliDevelop processes, tooling and automation to scale security processes and mitigate risks to the business/li/ulpWhat You Bring Along:/pulliExperience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets/liliStrong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium, Crossplane/liliExperience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)/liliSignificant development and automation experience, ability to work with C++ code preferred/liliSecurity as code mindset, with focus on solving problems with automation and scale in mind/li/ulpBonus Points:/pulliBS, MS, or PhD in Computer Science or related field/liliPrevious contributions to open source projects/liliSecurity or cloud related certifications (AWS, GCP, Azure)/li/ulpThe typical starting salary for this role in the US is $169,150 - $191,250 USD/ppThe typical starting salary for this role in US Premium Markets is $169,150 - $225,000 USD/ppThese salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments./ppAn individuals placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization./ph3Perks/h3ulliFlexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries./liliHealthcare - Employer contributions towards your healthcare./liliEquity in the company - Every new team member who joins our company receives stock options./liliTime off - Flexible time off in the US, generous entitlement in other countries./liliA $500 Home office setup if youre a remote employee./liliGlobal Gatherings We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites./li/ulpCulture - We All Shape It/ppAs part of our first 500 employees, you will be instrumental in shaping our culture. Are you interested in finding out more about our culture? Learn more about our values here. Check out our blog posts or follow us on LinkedIn to find out more about whats happening at ClickHouse./ppEqual Opportunity Privacy/ppClickHouse provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type based on factors such as race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws./ppPlease see here for our Privacy Statement./p/div