Principal Product Security Engineer

Job Description

Your Career

As a Principal Product Security Engineer on the Infosec Product Security team, you will be a leading technical authority and strategist, responsible for architecting and spearheading security initiatives across all Palo Alto Networks products end-to-end. You’ll be a pivotal leader and mentor within a deep and savvy security team, setting the vision and driving the company's product security strategy. Furthermore, you will be a thought leader and expert practitioner, championing security engineering and innovations. You will be expected to influence and guide cross-functional executive leadership and teams in Product Management, Development, and DevOps/SRE to embed and advance security throughout the entire product lifecycle.

Your Impact

• Architect, champion, and oversee the implementation of next-gen AppSec technologies with advanced automation into complex, large-scale engineering CI/CD pipelines
• Define and lead the strategy for protecting application security throughout the life-cycle in multi-cloud environments (GCP & AWS) and on-premise solutions, establishing best practices and standards
• Pioneer and champion the development of risk-driven intelligent automation to optimize and scale SAST, SCA, OSS, DAST, Infrastructure as Code (IaC), and RASP integrations with advanced tooling and threat modeling
• Act as a primary thought leader and evangelist, driving the adoption and evolution of Secure SDLC and security best practices across the entire application lifecycle. You possess deep, authoritative knowledge of security from infrastructure through application and will mentor others to effectively apply it
• Spearhead the design, implementation, and continuous improvement of secure software development processes, including secure coding standards, advanced security testing methodologies, and proactive vulnerability management programs
• Own and elevate security reporting, including driving strategic improvements in vulnerability management, coordinating advanced penetration testing engagements, and ensuring infrastructure compliance at a strategic level
• Mentor and guide senior security engineers and technical leads, fostering a culture of technical excellence, innovation, and knowledge sharing within the team and across the engineering organization
• Develop and champion long-term product security roadmaps and strategies, aligning with business objectives, technological advancements, and emerging threat landscapes
• Represent Palo Alto Networks Product Security in external forums, industry conferences, and standard bodies, contributing to the broader cybersecurity community

Qualifications

Your Experience 

• 10-15+ years of hands-on experience in cybersecurity, with 8-12+ years of deep specialization in application security, secure software development, security review, and automation at scale
• Expert-level knowledge and proven track record of architecting, implementing, and scaling security tooling and best practices, such as pre-commit/pre-receive hooks, dependency scanning, SAST, OSS and advanced vulnerability management platforms
• Demonstrated leadership in security tools benchmarking, fine-tuning, and strategic integration to maximize effectiveness and minimize friction
• Extensive experience leading and maturing practices around architectural risk analysis, threat modeling, secure code reviews, static code analysis, and advanced security testing techniques to identify and remediate complex vulnerabilities in enterprise-scale software products
• Authoritative knowledge of industry security standards and best practices (e.g., OWASP, NIST, ISO, MITRE ATT&CK) and experience driving their adoption and adaptation
• Expertise in designing, architecting, and securing large-scale integrations of AWS and/or GCP services into IAM platforms and overall cloud security posture
• Profound expertise in microservice architecture and demonstrated leadership in defining and enforcing security best practices for APIs across complex multi-cloud environments
• Exceptional written and oral communication skills with a proven ability to influence and present to multiple levels of leadership, including executives, involving both business and technical stakeholders
• Demonstrated experience in leading complex, cross-functional security initiatives, setting technical direction, and mentoring senior technical staff
• Track record of innovation in product security, potentially including patents, publications, or significant contributions to open-source security projects