Lead Product Security Engineer - US (Remote)
Weights & Biases
San Francisco, CA, USA
Posted on Thursday, October 19, 2023
At Weights & Biases, our mission is to build the best developer tools for machine learning. Weights & Biases is a series C company with $250 million in funding and a rapidly growing user base. Our platform is an essential piece of the daily work for machine learning engineers, from academic research institutions like FAIR and UC Berkeley to massive enterprise teams including iRobot, OpenAI, Toyota Research Institute, Samsung, NVIDIA, Salesforce, Blue Cross Blue Shield, Lyft, and more.
Reporting to the CISO, the Lead Product Security Engineer will directly contribute to securing the Weights & Biases platform that powers our customer's MLOps workflows. Providing both tools and guidance, the Lead Product Security Engineer will enable engineers to deliver our product securely. You will also be the technical leader of our security team responsible for mentoring and growing the team.
- Build security into each stage of the software development lifecycle through the use of automated tools and processes
- Collaborate with product and engineering on design reviews and threat models
- Review code for implementation misconfigurations, vulnerabilities, and business logic flaws
- Triage and respond to reports from our bug bounty and vulnerability disclosure program
- Collaborate with our compliance team to mitigate risks related to security
- Mentor and grow the security team
- Deep understanding of modern security principles including encryption, authn/authz, vulnerability management, etc.
- Experience building security controls into a CI/CD environment
- Solid understanding of threat modeling techniques such as RTMP, PASTA, STRIDE, etc.
- Experience reviewing security scans and remediating vulnerabilities
- Experience writing software in a production setting, ideally with TypeScript, Go, and/or Python
- Effective written and verbal communication skills
- Experience with multiple clouds. We're primarily on GCP but also deploy into AWS and Azure
- Willingness to both teach others and learn new techniques
We encourage you to apply even if your experience doesn't perfectly align with the job description as we seek out diverse and creative perspectives. Team members who love to learn and collaborate in an inclusive environment will flourish with us. We are an equal opportunity employer and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you need additional accommodations to feel comfortable during your interview process, reach out at email@example.com.