clickhouse

Product Security Engineer

Preview — apply on company site for full detailsApply Now

At a Glance

Location: United States
Work Regime: remote
Posted: 2026-03-19T12:31:41-04:00

Key Requirements

Required Skills

AWSAzureGCPKubernetes

Domain Knowledge

Automation
Education
Engineering
Healthcare

Requirements

Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets

Strong knowledge of and experience with one or more cloud service providers (e.g.

AWS, GCP, Azure), Kubernetes, Cilium, Crossplane

Experience implementing and operating engineering security tools and processes (e.g.

static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)

Significant development and automation experience, ability to work with C++ code preferred

Responsibilities

Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation, some examples of recent work include implementation of secure key management, passwordless authentication, m2m authentication, sandboxing and compute/network/storage isolation

Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows

Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing

Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)

Nurture the engineering - security relationship, identify and implement process and technology improvements

Handle information security events and incidents across ClickHouse products and services

Team

The Security Team is responsible for providing key security capabilities covering application, cloud and enterprise security, incident response, detection and GRC. Our team is looking for an experienced, hands-on security practitioner, who will drive the adoption of modern security processes and tooling, with focus on supporting our engineering and product teams in improving the security posture of our platforms and services.