Senior Product Security Engineer II
DBT
About Us
About the Security Team:
The mission of the Security Engineering team at dbt Labs is to provide clear, opinionated security guidance and scalable, secure-by-default offerings to engineers for the purpose of securing software development and enabling pragmatic risk decisions at dbt.
Our small team size and wide scope of responsibilities require that we work intelligently to address the security needs of dbt’s products. We aim to put yesterday’s problems behind us through a mix of OSS/COTS solutions for commodity problems and using ingenuity to solve the rest.
As a Senior Security Engineer II on this central team, you will have the opportunity to own outsized impact on how securely engineers at dbt are able to build software and infrastructure.
In this role, you can expect to:
- Write code:
  - Research, plan, and build solutions to solve security problems at scale.
  - Build and deploy automation tools for security monitoring; vulnerability detection, prevention, and remediation; risk assessment and prioritization; and incident response.
- Be an empathetic partner to Engineering teams:
  - Partner with cross-functional engineering teams to help them understand and prioritize their biggest security risks.
  - Eliminate classes of security problems by building paved paths for engineers to follow.
  - Perform security architecture reviews and threat models early in the design process to help teams build systems that are secure by design.
- Be a leader:
  - Identify new opportunities for improved security posture across the organization and lead those efforts to success.
  - Provide security mentorship to security, software, and infrastructure engineers via 1:1 mentoring, demos, and org-wide security training.
  - Play an influential role in maturing our security programs through tooling and process improvements.
- Be a team player:
  - Be part of the team’s weekly on-call rotation.
  - Conduct security investigations across complex cloud environments in response to incidents or bug bounty submissions.
  - Have a bias for action, a penchant for quality, and never stop learning (we have a training budget of $5k/person/year).
You are a good fit if you:
- Take an engineering approach to solving security problems at scale.
- Use data to assess risk, determine priorities, and measure impact.
- Have strong opinions on security topics ranging from Architecture to Zero Trust, the communication skills to deliver those opinions, and the humility to change them.
- Are a builder, excited to write and review code on a daily basis to automate problems away (we primarily use Python and Terraform).
- Are very comfortable working in a cloud-native, Kubernetes-based environment and building software with good engineering practices (e.g., CI/CD, observability, scalability, security).
You'll have an edge if you:
- Have experience building or securing distributed systems on public clouds (we use AWS and Azure).
- Have experience leading threat models and tabletop exercises.
- Have led security incidents and/or built systems and processes to prepare for and respond to them.
Qualifications
- Have 8+ years of professional experience in security or security-focused software engineering.
Compensation & Benefits
- Salary: $189,000 - $255,000
- Equity Stake
- Benefits - dbt Labs offers:
  - Unlimited vacation (and yes we use it!)
  - 401k w/ 3% guaranteed contribution
  - Excellent healthcare
  - Paid parental leave
  - Wellness stipend
  - Home office stipend, and more!
What to expect in the hiring process (all video interviews unless accommodations are needed):
- Interview with Talent Acquisition Partner
- Interview with Hiring Manager
- Team Interviews
- Final Interview with VP of Security
Who we are
At dbt Labs, we have developed strong opinions on how companies should practice analytics.
Specifically, we believe that:
- Code-based transformations offer unmatched flexibility and transparency across various “multi-player” development to power everyone in the organization to collaborate on a common language
- Data analysts should adopt similar practices and tools to software developers
- Critical analytics infrastructure should be controlled by its users as open source software
- Analytic code itself — not just analytics tools — will increasingly be open source
It turns out that a lot of other people believe this too! Today, there are 30,000 companies using dbt every week, 100,000 dbt Community members, and 4,100 companies paying for dbt Cloud. Our customers include JetBlue, Hubspot, Vodafone New Zealand, and Dunelm. dbt is synonymous with the practice of analytics engineering, defining an entire industry. We’re backed by top investors including Andreessen Horowitz, Sequoia Capital, and Altimeter.
dbt Labs is an equal opportunity employer. We're committed to building an inclusive team that welcomes a diversity of perspectives, people, and backgrounds regardless of race, color, national origin, gender, sexual orientation, age, religion, disability, citizenship, veteran status, or any other protected status. We feel strongly that whether or not your experience exactly fits the job description, your passion and skills will stand out and set you apart even if your career has taken some twists and turns. If you are on the fence about whether you meet our requirements, we encourage you to apply anyway! Please reach out to us directly at recruiting@dbtlabs.com if you need assistance or an accommodation.
Want to learn more about our focus on Diversity, Equity and Inclusion at dbt Labs? Check out our DEI page here.
dbt Labs reserves the right to amend or withdraw the posting at any time. For employees outside the United States, dbt Labs offers a competitive benefits package. Equity or comparable benefits may be offered depending on the legal or country limitations.