← Back to list
Job

Product Security Engineer

Security Engineer • Remote • Full-time • 📍 Germany (remote)

ClickHouse's Security Team, responsible for application, cloud and enterprise security, incident response, detection and GRC, is looking for an experienced, hands-on security practitioner. You will drive the adoption of modern security processes and tooling, with a focus on supporting engineering and product teams in improving the security posture of the company's platforms and services. The position can be fully remote anywhere in Germany.

Responsibilities

  • Collaborate with engineering and product on improving existing and building new product features, focusing on threat modeling, assurance and secure implementation (e.g. secure key management, passwordless authentication, m2m authentication, sandboxing, compute/network/storage isolation)
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS; triage vulnerabilities reported via the bug bounty program, responsible disclosure, and GitHub Issues, covering web, API and server-client assets including low-level memory issues such as heap or buffer overflows
  • Improve and develop security assurance activities: pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools: static and dynamic code analysis, dependency checks, code licensing compliance (Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering-security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate business risks

Requirements

  • Experience supporting engineering and product implementation efforts through threat assessments, assurance activities, advisory, and in some cases implementation work across distributed systems (web, API, client/server assets)
  • Strong knowledge of and experience with one or more cloud service providers (AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (static/dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security-as-code mindset, focused on solving problems with automation and scale in mind

Nice to have

  • BS, MS, or PhD in Computer Science or a related field
  • Previous contributions to open source projects
  • Security or cloud related certifications (AWS, GCP, Azure)

Soft skills

Hands-on, practical approach to securityStrong collaboration with engineering and product teamsProcess and technology improvement mindset

What we offer

  • Fully remote work anywhere in Germany
  • Flexible, remote-friendly work environment across more than 20 countries
  • Employer contributions towards healthcare
  • Stock options for every new team member
  • Generous time off entitlement
  • $500 home office setup budget for remote employees
  • Global gatherings and company-wide offsites

About the company

ClickHouse, recognized on the 2025 Forbes Cloud 100 list, is one of the most innovative and fast-growing private cloud companies, leading the market in real-time analytics, data warehousing, observability, and AI workloads. It has more than 3,000 customers, ARR growing over 250 percent year over year, and recently closed a $400M Series D round. Customers include Capital One, Meta, Cursor, Sony, and Tesla.

Education: BSc, MSc vagy PhD informatikából vagy kapcsolódó területről (előny)