Sign upLog in
JobsJobs in CaliforniaJobs in Palo Alto, CAInformation Technology and Internet JobsIT Jobs

Principal Product Security Engineer

Obsidian Security

Palo Alto, CA

Apply
JOB DETAILS
SALARY
$260,000–$300,000 Per Year
SKILLS
Access Control, Amazon Web Services (AWS), Applications Security, Artificial Intelligence (AI), Automation, Budgeting, Business Operations, Cloud Applications, Cloud Computing, Code Reviews, Communication Skills, Computer Security, Conferences, Continuous Deployment/Delivery, Continuous Integration, Cross-Functional, Customer Support/Service, Data Management, DevOps, Diversity, Ecosystems, Endpoint Security, Engineering, Financial Services, Fortune 1000 Customers, Fundraising, Fuzz Testing, GCP (Good Clinical Practices), Information Technology & Information Systems, Internet Security, Leadership, Mentoring, Metrics, Microsoft Product Family, Model Review, OAuth, Penetration Testing, Product Engineering, Product Programs, Python Programming/Scripting Language, Reporting Dashboards, Risk Management, Sales Pipeline, Salesforce.com, Secure Coding, Security Architecture, Security Attacks, Security Design, Security Infrastructure, Security Monitoring, Software Development Lifecycle (SDLC), Software Engineering, Software as a Service (SaaS), Startup, Technical Leadership, Technical Writing, Threat Modeling, Web Browsers
LOCATION
Palo Alto, CA
POSTED
3 days ago

Obsidian Security is the leading SaaS security platform, trusted by global enterprises like Snowflake, T-Mobile, and Algolia. We protect 200+ organizations across North America, Europe, the Middle East, Southeast Asia, Australia, and New Zealand, including many of the world's largest Fortune 1000 and Global 2000 companies.

Founded in 2017 and backed by top investors like Greylock, Obsidian was built to close a critical gap: securing SaaS apps where business happens—Microsoft 365, Salesforce, and hundreds more. The company does this by offering a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, they're transforming how SaaS is secured.

With AI driving rapid SaaS growth and complexity, agentic AI tools gain privileged access to sensitive data through integrations, creating new risks most security tools miss. Obsidian uniquely detects anomalous OAuth token activity and manages integration risks. Major announcements are on the horizon. Recognizing that SaaS security needs to evolve, Obsidian enables growing organizations to start with a lightweight, prevention-focused browser extension and expand coverage over time.

With global momentum, a growing partner ecosystem including SentinelOne, Databricks, and Google Cloud, and a major fundraise ahead, Obsidian is scaling rapidly toward long-term growth and IPO readiness.

Principal Product Security Engineer

Position Overview

We're looking for a Principal Product Security Engineer to lead and scale Obsidian's product security program across our SaaS product, cloud infrastructure, CI/CD pipelines, and related services. This is a senior, highly technical role for someone who can combine deep security engineering expertise with strong ownership, judgment, and cross-functional leadership.

You'll partner closely with Engineering, Product, GRC, IT, DevOps, SRE, and Platform teams to embed security throughout the SDLC, strengthen cloud and infrastructure security, mature threat modeling and secure design practices, and drive automation across detection, response, vulnerability management, and security testing.

This role reports to the Head of Security and is ideal for a seasoned product security leader who thrives in a fast-moving, high-growth cybersecurity startup and wants to make a meaningful impact on the security of our product, customers, and organization.

Key Responsibilities

  • Lead and evolve Obsidian's product security program, including standards, runbooks, technical documentation, and operational practices.
  • Provide technical leadership, mentorship, and secure design guidance to security and engineering teams.
  • Drive security architecture reviews, threat modeling, secure coding practices, and scalable security design reviews.
  • Integrate security deeply into the SDLC through code review, SAST/DAST, fuzzing, SBOMs, dependency scanning, and CI/CD security controls.
  • Partner with infrastructure teams to harden AWS, GCP, Kubernetes, GitLab, Terraform, data pipelines, secrets management, and service-to-service access controls.
  • Improve security automation, monitoring, metrics, dashboards, and reporting.
  • Lead technical response for product security incidents, vulnerability remediation, penetration testing, and red team findings.
  • Support customer and prospect security reviews as a senior technical security expert.

What We're Looking For

  • 10+ years of product security and/or engineering experience in cloud-native environments, ideally in cybersecurity, financial services, or another high-security industry.
  • Strong software engineering skills, especially in Python.
  • Hands-on expertise with Terraform, Kubernetes, AWS, GCP, GitLab, security automation, and security metrics.
  • Deep knowledge across application security, cloud security, detection and response, vulnerability management, and secure SDLC practices.
  • Experience partnering with engineering, product, IT, GRC, and external stakeholders during security reviews and incidents.
  • Strong communication skills with the ability to influence, educate, and raise security maturity across the company.
  • A mission-driven, ownership-oriented mindset and the ability to thrive in a dynamic startup environment.

What We Offer

  • A team-first, low-ego, mission-focused culture.
  • High-impact work shaping the security of Obsidian's product and platform.
  • Professional development opportunities and annual conference budget.
  • Competitive salary, equity, and health benefits.
  • Opportunities to publish research, share non-proprietary code, and present at conferences.
  • The chance to join a fast-growing company backed by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, and Norwest Venture Partners.

Employee Benefits

Our competitive benefits packages are designed to support our employees' well-being, both at work and at home.  Our US based employees enjoy:

  • Competitive compensation with equity and 401k
  • Comprehensive healthcare with dental and vision coverage
  • Flexible paid time off and paid holiday time off 
  • 12 weeks of new parent or family leave
  • Personal and professional development resources

For more details on our US benefits, or for information on our international benefits, please see here.

Pay Transparancy

Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for sales commission or incentive compensation based on the role or function within the company.

At Obsidian, we are proud to be an equal-opportunity employer. We value diversity and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.  If you have a need that requires accommodation, please contact accommodations@obsidiansecurity.com

Information collected and processed as part of any job applications you choose to submit is subject to Obsidian's Applicant Privacy Policy.

Base Salary Range
$260,000—$300,000 USD

About the Company

O

Obsidian Security

Similar Job Searches

Application Analyst JobsComputer Analyst JobsComputer Technician JobsConfiguration Manager JobsDeployment Manager JobsFunctional Analyst JobsInformation Analyst JobsInformation Architect JobsInformation Security Manager JobsInformation Systems Manager Jobs