Product Security Engineer
Canada
Couchbase
Couchbase is an award-winning distributed NoSQL database platform for business-critical, AI-ready apps & analytic workloads. Explore our free DBaaS & more! Every day we tackle new and exciting challenges to empower developers to build modern cloud, mobile, and edge applications that deliver a premium user experience. Couchbase delivers unmatched performance, scalability, flexibility and financial value across cloud, on premises, hybrid, mobile and edge deployments. The database market is undergoing a generational shift and is one of the largest market opportunities in enterprise software due to big trends like the need for digital transformation, acceleration to the cloud and innovation at the edge. Join Couchbase to be a part of a greater change. Here you’ll have the opportunity to learn and grow with some of the most innovative, passionate and humble individuals in the database industry.
Product Security Engineer
The Product/Application Security Engineer will be responsible for advocating secure SDLC and AI security practices. You will be responsible for threat modeling and security testing to ensure the delivery of secure product releases. You will evaluate application environments to ensure they are being designed and deployed in compliance with industry standards and best practices. You will collaborate closely with Product Management, Engineering, SRE, Project Managers, and others, in determining and ensuring that security requirements for product releases are met as part of all phases of the secure software development lifecycle (SSDLC) process.
You are a software developer at heart with a strong passion for security. You will work with multiple engineering teams to standardize, implement, and enhance product security. You will take an active role in training and spreading awareness to help build a security-first culture. You will be responsible for supporting application security tool deployments and recommend improvements to the tools and processes established within our application security framework to increase efficiency and mature the program.
Key Responsibilities
- Perform security software architecture review and integrate threat modeling and abuse cases into the SDLC; advise on and implement secure software architecture patterns.
- Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.
- Integrate application security tools within existing development, build, and deployment processes.
- Conduct dynamic & static code scan reviews and run-time tests.
- Assist with the planning and execution of application penetration tests.
- Interface and collaborate with Engineering, Cloud, and SOC teams during security incidents.
- Drive the remediation of security vulnerabilities in the products within defined SLAs.
- Assist in completing RFP security questionnaires
Desired Qualifications
- Bachelor's in Computer Science, Information Security, or a related field
- 3-5 years of experience focused in the areas of software engineering, application security, cloud security, and related disciplines
- Solid understanding of secure coding principles (e.g., OWASP Top 10, OWASP SAMM) and Agile software development practices.
- Familiarity with various software development & automation tools (e.g., GitHub, Jira, Jenkins, Qualys, SonarQube, Snyk, Sysdig, Veracode, Black Duck, etc.)
- A good understanding of threat modeling and how to mitigate application security risks.
- Knowledge of vulnerability management including CVSS scoring and CVEs across open source and third-party software and supply chains.
- Strong understanding of various types of cloud service models (IaaS, PaaS, SaaS). In addition, experience with security features in AWS, Azure, and GCP Infrastructure is desirable.
- Good understanding of SSO, including OAuth, SAML
- Database & Mobile security experience a plus
- Industry Certifications such as OSCP, CEH, CISSP, CISM, AWS Certified Security, Azure Security, Google Cloud Security Engineer are considered a plus
- Highly effective written and oral communication skills.
- Strong project management skills and ability to work independently on engagements
- Generous Time Off Program - Flexibility to care for you and your family
- Wellness Benefits - A variety of world class medical plans to choose from, along with dental, vision, life insurance, and employee assistance programs*
- Financial Planning - RSU equity program*, ESPP program*, Retirement program* and Business Travel Insurance
- Career Growth - Be valued, Create value approach
- Fun Perks - An ergonomic and comfortable in-office / WFH setup. Food & Snacks for in-office employees.
- And much more!
Disclaimer: Couchbase is committed to being an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Join an impact initiative group and experience the amazing feeling of Couchbase can-do culture. By using this website and submitting your information, you acknowledge our Candidate Privacy Notice and understand your personal information may be processed in accordance with our Candidate Privacy Notice following guidelines in your country of application.
Tags: Agile Application security Automation AWS Azure CEH CISM CISSP Cloud Compliance Computer Science CVSS GCP GitHub IaaS Jenkins Jira Mobile security Open Source OSCP OWASP PaaS Privacy Product security Qualys RFPs SaaS SAML SAMM SDLC SLAs SOC SSDLC SSO Veracode Vulnerabilities Vulnerability management
Perks/benefits: Career development Flex vacation Gear Health care Insurance Wellness