Product Security Engineer

Collaborates with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation, some examples of recent work include implementation of secure key management, passwordless authentication, m2m authentication, sandboxing and compute/network/storage isolation. Identifies security gaps and vulnerabilities in ClickHouse Cloud and OSS, triages a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows. Improves and develops security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing. Drives implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance. Handles information security events and incidents across ClickHouse products and services. Develops processes, tooling and automation to scale security processes and mitigate risks to the business.