Product Security Engineer, Sigma Computing

• Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degree preferred
• Proven experience in offensive security roles such as red teaming, penetration testing, or ethical hacking
• 4+ years of experience in Product security, with a proven track record in designing, implementing, and managing security programs for cloud-based platforms at Product companies
• 2+ years of experience in a penetration testing or similar offensive security role
• Expertise with secure software development practices, including threat modeling, code review
• Familiarity with programming languages such as Golang, Rust, Typescript, Python or similar
• Proficiency in security tools and technologies, such as static and dynamic analysis tools, penetration testing tools, and vulnerability scanners
• Strong technical background in security architecture, CI/CD enablement, cryptography, network security, and application security
• Good understanding of cloud computing technologies and security principles, particularly in AWS, Azure, or GCP environments
• Relevant Security Certifications like OSCP or similar is a plus

• As a Product Security engineer at Sigma, you will play a crucial role in ensuring the security of our data analytics products
• In this role, you'll have the opportunity to see the big picture and engage in activities that span offensive security testing and architecture review, collaborating closely with product and engineering teams to build secure and resilient solutions
• This is a hands-on role that demands understanding of attack vectors, a proactive approach to finding vulnerabilities, and the ability to work strategically to influence security architecture and design
• Your primary goal will be to identify and mitigate security risks, establish robust security practices, and ensure compliance with relevant security standards and regulations
• You will be encouraged to write blogs, speak and join security events to talk about the work you are doing and how other companies can utilize it to better analyze their security data
• Conduct offensive security activities including red teaming, blackbox penetration testing, and vulnerability research and improve defensive blue team capabilities
• Perform comprehensive penetration testing on SaaS applications, and cloud infrastructure
• Collaborate with Engineering and Product teams to integrate security best practices into the software development lifecycle (SDLC)
• Perform threat modeling / data flow diagramming / design risk analysis/ security assessments, code reviews in partnership with business partners, providing guidance that balances security requirements with functional requirements
• You'll have the freedom to not only think like an attacker but also shape the security architecture to preemptively thwart those attacks
• Work on incident response efforts related to product security incidents and breaches
• Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings
• Promote and grow culture of security within product engineering teams & design, build and operate uniform scalable security policies and controls for our entire product surface

• Medical/Dental/Vision Insurance
• 401(k)
• Flexible Vacation
• Flexible Schedule
• Access to Health & Wellness Partners
• Parental Leave

Total funding: $566.3m

Sigma Computing is cloud analytics and business intelligence solution that provides live access to cloud data warehouses using an intuitive spreadsheet interface, allowing customers to analyze data and make insight-driven decisions in a matter of moments, not weeks. The company’s unique architecture of expanding data improves both performance and security by exclusively retaining data in cloud warehouses like Snowflake.