Product Security Engineer
Wandb in San Francisco, California
At Weights & Biases, our mission is to build the best developer tools for machine learning. Weights & Biases is a series C company with $200 million in funding and a rapidly growing user base. Our platform is an essential piece of the daily work for machine learning engineers, from academic research institutions like FAIR and UC Berkeley to massive enterprise teams including iRobot, OpenAI, Toyota Research Institute, Samsung, NVIDIA, Salesforce, Blue Cross Blue Shield, Lyft, and more.
Reporting to the CISO, the Product Security Engineer will directly contribute to securing the Weights & Biases platform that powers our customer's MLOps workflows. Providing both tools and guidance, the Product Security Engineer will enable engineers to deliver our product securely
- Build security into each stage of the software development lifecycle through through the use of automated tools and processes
- Collaborate with product and engineering on design reviews and threat models
- Review code for implementation misconfigurations, vulnerabilities, and business logic flaws
- Triage and respond to reports from our bug bounty and vulnerability disclosure program
- Support security compliance initiatives and implementations related to security requirements
- Deep understanding of security principles including encryption, authentication/authorization, vulnerability management, etc.
- Experience building security controls into a CI/CD environment
- Solid understanding of threat modeling techniques such as RTMP, PASTA, STRIDE, etc.
- Experience reviewing security scans and remediating vulnerabilities
- Experience writing software in a production setting, ideally with TypeScript, Go, and/or Python
- Effective written and verbal communication skills
- Willingness to both teach others and learn new techniques