Product Security Engineer

About Click House

Recognized on the 2025 Forbes Cloud 100 list, Click House is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, Click House leads the market in real-time analytics, data warehousing, observability, and AI workloads. The company's sustained, accelerating momentum was recently validated by a $400M Series D financing round.

Over the past three months, customers including Capital One, Lovable, Decagon, Polymarket, and Airwallex have adopted the platform or expanded existing deployments. These customers join an established base of AI innovators and global brands such as Meta, Cursor, Sony, and Tesla. We're on a mission to transform how companies use data. Come be a part of our journey!

The Security Team is responsible for providing key security capabilities covering application, cloud and enterprise security, incident response, detection and GRC. Our team is looking for an experienced, hands‑on security practitioner, who will drive the adoption of modern security processes and tooling, with focus on supporting our engineering and product teams in improving the security posture of our platforms and services.

Note:

This position can be fully remote anywhere in Germany.

• Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation, some examples of recent work include implementation of secure key management, passwordless authentication, m2m authentication, sandboxing and compute/network/storage isolation
• Identify security gaps and vulnerabilities in Click House Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, Git Hub Issues covering web, API and server‑client assets including low level memory issues like heap or buffer overflows
• Improve and develop security assurance activities – pentests, vulnerability assessments, bug bounty programs, fuzzing
• Drive implementation and usage of engineering security tools – static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, Git Hub CodeQL)
• Nurture the engineering – security relationship, identify and implement process and technology improvements
• Handle information security events and incidents across Click House products and services
• Develop processes, tooling and automation to scale security processes and mitigate risks to the business

• Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
• Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
• Experience implementing and operating engineering security tools and processes (e.g. static/dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
• Significant development and automation experience, ability to work with C++ code
• Security as code mindset, with focus on solving problems with automation and scale in mind

• BS, MS, or PhD in Computer Science or related field
• Previous contributions to open source projects
• Security or cloud related certifications (AWS, GCP, Azure)

For roles based in the "United States", the typical starting salary range for this position is listed above. In certain locations, such as the San Francisco Bay Area and the New York City Metro Area, a premium market range may apply, as listed. These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting.

The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments. An individual's placement within the range will depend on various factors, including (but not limited to) education, qualifications,…