Lead Product Security Engineer

Position Title: Lead Product Security Engineer

Reports To: Principal Security Architect

As our Lead Product Security Engineer you’ll own threat modeling, secure‑by‑design guidance, and hands‑on engineering for an industry‑leading SaaS platform that powers automotive retail for millions of users. You’ll work autonomously, partner closely with our Application Security (AppSec) scanning team, and influence product teams across the company—from design through incident response.

Working hours: Late‑shift schedule with ~4 hours daily overlap with US Mountain Time (e.g., 1 p.m. – 10 p.m. IST). Some flexibility is expected; we value outcomes over clock‑watching.

Key Responsibilities :

1. Leadership & Strategy:

• Champion security culture and coach teams on secure product design

• Lead the development and implementation of CDK’s product security strategy

• Design and implement technology and processes supporting CDK’s product security strategy

• Effectively partner across security, technology, and business teams

• Provide technical security leadership to product teams

• Develop effective product security metrics and use them to drive improvements
  

2. Product Security Standards:

• Guide the development and continuous improvement of product security standards and guidelines in alignment with risk and compliance requirements

• Drive accurate measurement and reporting of CDK’s compliance with product security standards

• Drive adoption of product security standards across product, technology, and infrastructure teams
  

3. Product Security Architecture and Engineering:

• Lead and evolve product threat‑modeling practices (STRIDE, PASTA, attack trees, etc.)

• Guide development of secure product architecture practices across technology teams

• Develop repeatable engineering and automation patterns to enable “secure by default” design

• Solve challenging product and application security problems
  

4. Security Operations:

• Work with CDK Security Operations team to identify and enable detection for advanced application security problems

• Drive good development practices in orchestration and automation of macro response workflows

• Be a force multiplier in rare product security incident scenarios

5. Data-Driven Security:

• Help wrangle and correlate security data from multiple tools; prototype metrics, dashboards, or ML models that reveal real risk trends.

• Advise on data quality, cleansing, and correlation strategies.

Required Qualifications:

Education:

• Bachelor’s degree in Computer Science or Information Security , or an equivalent experience
  

Experience:

• 8+ years overall in software / security engineering, including 5+ years focused on product or application security in complex SaaS or e‑commerce environments.

• Demonstrated ownership of threat modeling for modern cloud architectures (microservices, serverless, containers).

• Proven ability to drive security architecture and standards autonomously.

• Hands‑on experience with at least one major public cloud and IaC (Terraform, CloudFormation, ARM, etc.).

• Excellent written and verbal communication skills; able to translate deep technical issues into business‑focused recommendations.

Nice‑to‑have:

• Prior work with data‑privacy or data‑protection regulations (GDPR, CCPA, DPDP India, etc.).

• Data science / analytics chops: experience cleaning, correlating, or modeling large security datasets.

• Strong software‑engineering background, especially in Python (automation, data pipelines, small tools).

• Familiarity with secure SDLC and AppSec scanning pipelines (SAST, DAST, SCA, container security).

• Experience mentoring or leading distributed teams.
  

Why join us?

• Impact at scale – Your work secures a platform that processes billions of dollars in automotive transactions yearly.

• Autonomy & ownership – We hire experts and trust them to deliver.

• Global collaboration – Work with top engineers across India and North America, shaping security practices company‑wide.

• Growth – Influence adjacent initiatives in data security, metrics, and architecture alongside our Principal Security Architect.