Staff Software Engineer - Product Security

Cloudera•Austin, TX

1d•Remote

About The Position

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world’s largest enterprises. The Product Security group ensures our platforms are secure by design and compliant with the world’s most rigorous industry and government standards. As a Staff Product Security Engineer, you will serve as a technical architect of trust and the primary connective tissue between Security, Product, and Engineering teams. You will be responsible for translating complex global security requirements into actionable, automated engineering solutions, acting as the "go-to" expert for the Security Features team. As a senior technical member of the team, you will exercise significant latitude in defining technical objectives and architectural approaches to complex challenges. Leveraging a deep understanding of distributed systems and cloud-native platforms, you will lead high-impact, security-driven initiatives across the entire Cloudera product suite.

Requirements

Bachelor’s degree in Computer Science or a related field (or equivalent experience) with 6+ years of professional software engineering experience.
Deep technical expertise in containerized environments, specifically Kubernetes (EKS) and Docker.
Strong command of general-purpose and scripting languages, including Java, Python, Go, and Bash.
Proven experience with Infrastructure-as-Code (IaC) tools such as Terraform and Helm to automate secure infrastructure rollouts.
Expert-level experience automating complex CI/CD pipelines using platforms such as GitLab CI/CD, Jenkins, or GitHub Actions.
Exceptional troubleshooting skills with a track record of identifying root causes for site outages and resolving P1 escalations.

Nice To Haves

Experience with Post-Quantum Cryptography to support upcoming product transitions.
Practical experience with FIPS 140-3, TLS 1.3, and modern encryption standards.
Proven ability to automate CVE remediation and integrate SAST/DAST scanning tools—such as Trivy, Aquasec, Tenable, or Fortify—into developer workflows.
Familiarity with government compliance frameworks and industry standards including FedRAMP, ISO 27001, and SOC 2.
Deep understanding of secure coding practices and common vulnerabilities as outlined in the OWASP Top 10.
Experience working with Identity and Access Management (IAM) or Identity Governance platforms.
Strong management skills with a demonstrated ability to influence cross-functional teams and drive results in a remote environment.

Responsibilities

Architect and maintain advanced build tooling to automate and accelerate vulnerability remediation across all engineering pillars.
Lead Proof of Concepts (POCs) and evaluate third-party security tools to enhance our security posture without compromising developer velocity.
Design and develop core security features, including FIPS compliance, TLS/Encryption, Secrets Rotation, Identity & Access Management (IAM), and Certificate Management.
Drive root-cause analysis and triage for complex, product-wide stability issues related to security infrastructure.
Engineer specialized observability tools, such as encryption inventories, to audit and measure security standards during feature delivery.
Author comprehensive design specifications and test plans for cross-component security features, providing technical clarity in the face of ambiguity.
Elevate the team’s technical bar through high-quality code reviews, documentation standards, and active mentorship of engineering talent.
Partner across organizational lines, collaborating with internal stakeholders and senior management to resolve customer escalations and align with long-term objectives.