[Hiring] Product Security Engineer @DataRobot

Role Description

DataRobot is seeking an experienced Product Security Engineer to drive day-to-day security while ensuring our platform meets the rigorous demands of our on-premises and hosted customers. This is a highly technical, high-impact role where you will operate at the intersection of engineering, automation, and security.

You will serve as a member of our Engineering Product Security group, handle customer security inquiries, and build automation using Python. This role requires a unique blend of technical expertise and diplomatic communication skills to navigate complex customer conversations.

Key Responsibilities

• Security Engineering & Automation
  • Automate Everything: Develop custom automation to manage security processes and implement "Secure-by-Design" processes in the CI/CD pipeline using Python.
  • Container Security: Identify, design, and implement controls to safeguard our containerized production environments.
  • Tooling Management: Deploy and manage product security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).
  • Threat Modeling: Review technical designs for new features, leading threat models to prioritize risks and educate developer teams on secure coding practices.
• Customer Trust & Vulnerability Management
  • Threat Assessment & Security Analysis: Conduct and automate end-to-end vulnerability, threat, and exploitability assessments for actionable fixes and mitigations in DataRobot products.
  • Incident Response: Perform initial technical investigation for customer reports and security incidents, coordinating with Engineering and IT Security to validate and track fixes.
  • Customer Engagement: Work directly with Sales & Support teams to resolve concerns regarding security exposure and architecture.
  • Customer-Centric Communication: Balance business needs with security rigor while maintaining strong professional relationships through clear, diplomatic, and solutions-oriented communication.

Qualifications

• Fluent in writing code using Python to build security automation.
• Deep understanding of Linux containers (internals, security isolation).
• Experienced in Git-based collaboration and automating software delivery through CI/CD integration (Jenkins, Harness, or GitHub Actions).
• Familiarity with Kubernetes orchestration is strongly preferred.
• Hands-on experience with common security tools such as Semgrep, Trivy, and Burp Suite.
• Ability to reproduce vulnerabilities in a lab environment to demonstrate impact.
• Strong ability to perform manual code reviews or AI-assisted reviews in Python, Go, and Node.js, looking for flaws that automated tools might miss (e.g., broken access control or insecure business logic).
• Leveraged AI-driven automation to accelerate secure code development and scale security assessments across the SDLC.
• Ability to work independently on complex technical tasks with minimal supervision, while knowing when to escalate architectural decisions to Senior and Staff engineers.
• Experience determining not just how to fix a bug, but why and how it happened and then automate how to prevent it systemically.
• Strong communication skills for guiding teams and liaising with various stakeholders.

Requirements

• 3 to 5 years of experience working in Product Security or Application Security roles.
• Bachelor's in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).

Benefits

• Medical, Dental & Vision Insurance
• Flexible Time Off Program
• Paid Holidays
• Paid Parental Leave
• Global Employee Assistance Program (EAP)
• And more!

Company Description

DataRobot delivers AI that maximizes impact and minimizes business risk. Our platform and applications integrate into core business processes so teams can develop, deliver, and govern AI at scale. DataRobot empowers practitioners to deliver predictive and generative AI, and enables leaders to secure their AI assets. Organizations worldwide rely on DataRobot for AI that makes sense for their business — today and in the future.