Product Security Engineer

Product Security Engineer Join to apply for the Product Security Engineer role at ClickHouse . About ClickHouse Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast‑growing private cloud companies. With over 2,000 customers and an ARR that has more than quadrupled in the past year, ClickHouse leads the market in real‑time analytics, data warehousing, observability, and AI workloads. ClickHouse’s momentum was confirmed by a recent $350M Series C financing that included new tier‑one investors such as Khosla Ventures, BOND, IVP, Battery Ventures, and Bessemer Venture Partners. We’re on a mission to transform how companies use data, and you could be part of that journey. About the Team The Security Team is responsible for providing key security capabilities covering application, cloud, and enterprise security, incident response, detection, and GRC. We’re looking for a hands‑on security practitioner who will drive the adoption of modern processes and tooling, focusing on supporting our engineering and product teams to improve the security posture of our platforms and services. Location This position can be fully remote anywhere in Canada or the United States. What you will do: Collaborate with engineering and product on improving existing and building new product features with a focus on threat modeling, assurance, and secure implementation (e.g., secure key management, passwordless authentication, M2M authentication, sandboxing, compute/network/storage isolation). Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug‑bounty program, responsible disclosure, and GitHub Issues covering web, API, and server‑client assets—including low‑level memory issues such as heap or buffer overflows. Improve and develop security assurance activities, including pentests, vulnerability assessments, bug‑bounty programs, and fuzzing. Drive implementation and use of engineering security tools—static, dynamic code analysis, dependency checks, and code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL). Nurture the engineering‑security relationship, identifying and implementing process and technology improvements. Handle information security events and incidents across ClickHouse products and services. Develop processes, tooling, and automation to scale security processes and mitigate risks to the business. What you bring along: Experience supporting engineering and product implementation efforts through threat assessments, assurance activities, advisory, and, in some cases, implementation work across distributed systems (web, API, client/server assets). Strong knowledge of and experience with one or more cloud service providers (e.g., AWS, GCP, Azure), Kubernetes, and Cilium. Experience implementing and operating engineering security tools and processes (e.g., static/dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools). Significant development and automation experience, with an ability to work with C++ code. Security‑as‑code mindset, focusing on solving problems with automation and scale in mind. Bonus Points: BS, MS, or PhD in Computer Science or a related field. Previous contributions to open‑source projects. Security or cloud related certifications (AWS, GCP, Azure). Compensation For roles based in the United States, the typical starting salary range for this position is listed above. In certain locations—such as Los Angeles, CA, the San Francisco Bay Area, CA, the Seattle, WA area, and the New York City metro area—a premium market range may apply. These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments. An individual’s placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization. If you have any questions or comments about compensation as a candidate, please get in touch with us at Perks Flexible work environment – ClickHouse is a globally distributed company and remote‑friendly. We currently operate in 20 countries. Healthcare – Employer contributions toward your healthcare. Equity in the company – Every new team member who joins our company receives stock options. Time off – Flexible time off in the US, generous entitlement in other countries. A $500 home‑office setup if you’re a remote employee. Global Gatherings – We believe in the power of in‑person connection and offer opportunities to engage with colleagues at company‑wide offsites. Culture – We All Shape It As part of our first 500 employees, you will be instrumental in shaping our culture. Are you interested in finding out more about our culture? Learn more about our values here. Check out our blog posts or follow us on LinkedIn to learn more about what’s happening at ClickHouse. Equal Opportunity & Privacy ClickHouse provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type based on factors such as race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Please see here for our Privacy Statement. #J-18808-Ljbffr