Senior Product Security Engineer

About the Role:
CloudZero is seeking our first Senior Product Security Engineer. In this pivotal role, you will shape the security framework of our market-leading cloud cost intelligence platform, addressing some of the most critical challenges cloud-driven businesses face today. You will establish and champion best-in-class security practices, ensuring our platform remains resilient and our customers’ sensitive data is always safeguarded.

Collaborating closely with our engineering teams, you will design and implement secure development processes, identify and address vulnerabilities, and foster a security-first mindset throughout our product lifecycle. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us.

Responsibilities:

• Drive Security By Design 
• Drive and influence the inclusion of security in product design and development. 
• Partner with the software engineering team to champion secure coding practices, ensuring automated code reviews identify and address risks early in development.
• Develop and integrate security automation into the CI/CD pipeline to enable scalable and consistent security testing across the software development lifecycle.  
• Training & Enablement
• Develop application specific security training for our engineering organization. 
• Build and drive adoption of security champions programs across the engineering organization. 
• Vulnerability and Risk Management
• Implement and enforce vulnerability and risk management policies. 
• Lead threat modeling exercises to uncover potential risks and ensure mitigation strategies are integrated into the product design. 

• 3-5+ years of Python experience.
• Knowledgeable with AWS, GCP, Azure and Snowflake. 
• Proven expertise with application security testing tools, such as Burp Suite.
• Strong understanding of OWASP Top 10.
• Familiarity with SCA tools (e.g., Snyk, Dependency-Check) to manage open-source security risks.
• Knowledge and experience securing CI/CD pipelines (Github Actions, Jenkins etc.) 
• Strong understanding of secure coding practices, vulnerability management
• Familiarity with threat modeling frameworks and experience applying them to real-world applications.
• Exceptional communication skills, with the ability to explain technical concepts to developers, executives, and non-technical stakeholders.
• A proactive mindset with a passion for enabling developers to adopt secure practices without friction.
• Ability to participate in our incident response team on-call rotation.
  
  

About CloudZero
Cloud cost management is one of the biggest challenges organizations face today. As cloud adoption continues to accelerate, so do the complexities and costs associated with it — and macroeconomic conditions only increase pressure to prove cloud efficiency. That’s why we built CloudZero: a SaaS platform at the intersection of next-generation cloud cost management and FinOps. CloudZero ingests billing and usage data from all cloud, SaaS, and PaaS providers, organizes it in real time according to our customers’ business structures, lets customers view it at any level of time or resource granularity, and ultimately empowers them to make more informed business decisions.

Since our founding in 2016, our mission has been to make efficient innovation a reality for every cloud-driven organization. At CloudZero, we believe every engineering decision is a buying decision, yet the cost conversation often bypasses the engineers who drive those determinations. To solve this, we’ve built a dynamic, single-page application that answers the complex, data-heavy questions every cloud-based organization needs to ask if they want to grow their company profitably.

To date, we’ve raised over $52 million from leading venture capital firms across the country. We’re solving problems of massive scale, business importance, and complexity in a space that needs it more than ever. We’re growing rapidly and would love for you to be a part of it!

Equal Opportunity Employer

CloudZero is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status or disability status. All job offers are contingent upon the candidate passing background and reference checks.

**Applicants must be authorized to work for ANY employer in the United States. We are unable to sponsor or take over sponsorship of an employment Visa at this time.**