At a Glance
- Tasks: Lead product security initiatives and solve complex technical challenges in a collaborative environment.
- Company: Join commercetools, a pioneer in innovative commerce solutions with a culture of experimentation.
- Benefits: Enjoy comprehensive health benefits, learning opportunities, and equity participation.
- Other info: Hybrid role with excellent career growth and a focus on diversity and inclusion.
- Why this job: Make a real impact on product security while working with cutting-edge technology.
- Qualifications: 5+ years in product security and experience in leadership roles.
The predicted salary is between 48000 - 72000 £ per year.
About Commercetools
Real innovation starts with a strong foundation, and at commercetools, that comes from the perfect balance of our product and our people. Behind every leap forward is a collective of builders, explorers, doers, makers, and problem‑solvers. Together they are the engine of commerce innovation today. At commercetools, we power the next era of commerce for our customers. Whether it’s AI‑driven solutions that help enterprises make smarter business decisions, bridging digital and physical shopping experiences, or enabling entirely new ways for industries to connect with their customers, we help the world’s most ambitious companies experiment, scale, and grow without limits.
Your Impact
As our Principal Engineer Product Security, you’ll support the Engineering team by solving challenging technical problems for an ambitious product and enabling teams to "shift left" to build secure services on "multi‑cloud" infrastructure. You will:
- Formulate, evangelise, and drive adoption of the product security strategy
- Assess, advise on, and increase the security maturity posture
- Create a standardised security architecture and operational best practices
- Help track and drive remediation of security and technology risks
- Educate product teams on risk assessments, threat modelling, and building secure API‑first applications
- Review requirements and designs to help product teams address shortcomings
- Embed security tooling into the development process
- Contribute to the review of external penetration tests and help teams prioritise fixes
- Collaborate with product teams to improve overall security and resolve specific issues
- Facilitate or lead customer conversations regarding product security
- Triage and investigate new attack vectors to determine risk mitigation
- Drive security and quality initiatives across the organization and support certification audits
- Collaborate with Product Management, Principal Engineers, and legal/compliance teams
- Identify skills gaps and facilitate knowledge sharing across the organization
This role is hybrid, with three days a week spent in our Berlin, London or Valencia office.
What Sets You Apart
You’re a creative problem‑solver who is wired to find solutions. You confidently dive into complex challenges and have a talent for making them simple for others. Your curiosity drives you to constantly grow and contribute to an environment of trust and teamwork.
What matters most is the mindset you bring to the work.
You Bring
- A strong technical background and 5+ years of proven track record in hands‑on Product Security
- 2+ years of experience improving Product Security in a leadership role
- Experience with customer‑facing security roles and influencing roadmaps in matrix organizations
- Experience in a scale‑up environment with ambitious and competing priorities
- Expertise in formulating, elaborating, and clarifying requirements or priorities
- Experience with Secure Architecture design reviews and Threat Modeling
- Experience infusing security into various levels of the SDLC
- Experience with Static Analysis and Secure Code Review implementations
- Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security
- Practical experience in DevSecOps and proficiency in at least one scripting language like JavaScript or Go
- Project management experience for projects affecting multiple teams
- Experience working within an Agile environment with a strong customer focus
- Experience setting up and running trainings or onboardings
- Clear written and verbal communication in fluent English
AI Aptitude
A genuine curiosity for using AI tools to work smarter and more effectively, paired with a drive to learn and put them into practice in your role.
Nice to Have
- Security Certifications such as CISSP, CCSP, Certified Kubernetes Security Specialist, or GCP/AWS/Azure security certifications
- An eagerness to constantly improve and learn about leadership and new technologies
Our Benefits
Because work and life are connected, our benefits are too. We’ve designed them to give you the security, flexibility, and opportunities you need to focus on what matters most.
- Comprehensive health benefits for you and your dependents, including access to OpenUp for personalized mental health support
- Learning and development opportunities including an annual learning budget, access to self‑paced learning platforms and language training, personalized coaching, mentorship, and leadership programs
- Family Leave Plus gives you additional fully paid weeks of parental leave on top of government‑provided leave, so you can spend more time with your new addition
- Our equity participation program allows you to share in our success
Equal Opportunity Statement
We proudly welcome applicants of every race, color, religion, gender identity, sexual orientation, age, and any other part of your identity that makes you who you are. As an equal‑opportunity employer, we believe that our strength lies in our diversity, and we invite you to be a part of our global community.
Principal Engineer, Product Security employer: commercetools
At commercetools, we pride ourselves on fostering a dynamic and inclusive work culture that empowers our employees to innovate and grow. With comprehensive health benefits, generous family leave, and a strong focus on learning and development, we provide the tools and support necessary for you to thrive in your role as Head of Product – Agentic Offerings. Our hybrid work model in vibrant locations like Berlin, Valencia, or London ensures a balanced approach to work and life, making us an exceptional employer for those looking to make a meaningful impact in the world of commerce.
StudySmarter Expert Advice🤫
We think this is how you could land Principal Engineer, Product Security
✨Tip Number 1
Network like a pro! Reach out to current employees at commercetools on LinkedIn or other platforms. Ask them about their experiences and any tips they might have for landing the Principal Engineer role. Personal connections can make a huge difference!
✨Tip Number 2
Prepare for those interviews by brushing up on your technical skills and security knowledge. Be ready to discuss your past projects and how you've tackled complex challenges in product security. Show us your problem-solving prowess!
✨Tip Number 3
Don’t forget to showcase your soft skills! At commercetools, we value collaboration and communication just as much as technical expertise. Be prepared to share examples of how you’ve worked with teams to drive security initiatives.
✨Tip Number 4
Finally, apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows your genuine interest in being part of our innovative team at commercetools.
We think you need these skills to ace Principal Engineer, Product Security
Some tips for your application 🫡
Show Your Passion for Security:When you're writing your application, let your enthusiasm for product security shine through! Share specific examples of how you've tackled security challenges in the past and how you can bring that experience to our team.
Tailor Your Application:Make sure to customise your CV and cover letter to highlight the skills and experiences that align with the Principal Engineer role. We want to see how your unique background fits into our culture of innovation and problem-solving.
Be Clear and Concise:Keep your application straightforward and to the point. Use clear language to describe your achievements and avoid jargon unless it's relevant. We appreciate a well-structured application that’s easy to read!
Apply Through Our Website:Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it shows you’re keen on joining our community!
How to prepare for a job interview at commercetools
✨Know Your Stuff
Make sure you brush up on your technical knowledge, especially around product security and secure architecture. Be ready to discuss your hands-on experience and how you've tackled complex challenges in the past.
✨Showcase Your Problem-Solving Skills
Prepare examples of how you've creatively solved problems in previous roles. Think about specific instances where you made a significant impact on security posture or improved processes, and be ready to share these stories.
✨Understand the Company Culture
Familiarise yourself with commercetools' culture of experimentation and collaboration. Be prepared to discuss how you can contribute to this environment and how your unique perspective aligns with their values.
✨Ask Insightful Questions
Prepare thoughtful questions that show your interest in the role and the company. Inquire about their current security challenges, team dynamics, or how they envision the future of product security at commercetools.