Senior Security Engineer, Cloud Platform

About CelerData

At CelerData, our mission is to empower organizations to fully leverage their data. We achieve this with our cutting-edge, cloud-native, high-performance analytical database, specifically designed for modern lakehouse architectures. We're challenging established solutions like Snowflake, ClickHouse, and Trino by delivering unmatched query performance and a simplified architecture to enterprises globally. Join us as we help our customers convert their data into practical insights and attain outstanding technical achievements.

Job Overview

As a Product Security Engineer at CelerData, you'll embed with our platform and cloud teams to design and build secure-by-default features for StarRocks and CelerData Cloud. You will drive threat modeling, security assurance, and automation across our control plane, data plane, and BYOC (bring-your-own-cloud) deployments. Your work will span identity, secrets and key management, container / Kubernetes hardening, operating security tooling, and vulnerability management-scaling security through paved roads, tooling, and code.

Key Responsibilities

• Secure design & threat modeling : Partner with PM / engineering to review architectures and data flows (SaaS, on-prem, BYOC). Define security requirements and mitigations for features such as multi-tenant isolation, row / column-level security, auditing, and encryption.
• Security Process : Develop processes, tooling and automation to scale security processes and mitigate risks to the business
• Cloud & Kubernetes hardening : Establish secure baselines for AWS / Azure / GCP; least-privilege IAM; network segmentation and private connectivity (e.g., PrivateLink / Private Endpoint); runtime policies (e.g., Cilium / Calico), admission controls, and secrets handling for K8s.
• Identity & secrets : Advance SSO / MFA for customers and internal systems; standardize OIDC / SAML flows; engineer passwordless and m2m auth; manage KMS / HSM-backed key lifecycles; integrate with Vault for automated rotation.
• Data protection : Ensure encryption in transit / at rest for object stores (S3 / ADLS / GCS) and internal services; define data classification and tokenization / obfuscation patterns where appropriate.
• Vulnerability management & assurance : Run coordinated scanning / fuzzing (including C++ components), triage reports (bug bounty / responsible disclosure), drive fixes to closure with clear SLAs, and commission targeted pentests.
• Detection enablement : Improve security telemetry across control and data planes; contribute product-centric detections / runbooks for abuse, exfiltration, or privilege misuse.
• Incident readiness : Maintain product incident playbooks; participate in investigations affecting CelerData products and customers; lead post-mortems and drive durable remediation.
• Developer enablement : Provide clear guidance, examples, and "paved road" modules (Terraform / K8s manifests, SDK patterns). Deliver practical, lightweight training on secure coding and secrets hygiene.

Qualifications

Minimum Requirements

Preferred Qualifications

#J-18808-Ljbffr