Principal Product Security Engineer Jobs (NOW HIRING)

Principal Product Security Engineer information

Salary chart values: $74K, $147.2K, $212.5K

How much do principal product security engineer jobs pay per year?

As of Jun 10, 2026, the average yearly pay for a principal product security engineer in the United States is $147,220.00, according to ZipRecruiter salary data. Most workers in this role earn between $118,500.00 and $173,000.00 per year, depending on experience, location, and employer.

How does a Principal Product Security Engineer typically collaborate with cross-functional teams during the product development lifecycle?

As a Principal Product Security Engineer, collaboration with cross-functional teams is integral to ensuring security is embedded throughout the product development lifecycle. You’ll work closely with product managers, software engineers, DevOps, and QA teams to identify potential security risks, review architectural decisions, and define security requirements early in the design phase. You may regularly lead security reviews, provide guidance on secure coding practices, and coordinate incident response plans. This role often involves educating teams on emerging threats and supporting them in implementing effective security controls, fostering a culture of shared responsibility for product security.

What are the key skills and qualifications needed to thrive as a Principal Product Security Engineer, and why are they important?

To thrive as a Principal Product Security Engineer, you need deep expertise in cybersecurity, secure software development, risk assessment, and a relevant degree or certifications such as CISSP or OSCP. Familiarity with security tools like static/dynamic code analyzers, penetration testing frameworks, and cloud security platforms is typically required. Outstanding analytical thinking, leadership, and communication skills help drive security initiatives and mentor cross-functional teams. These skills are crucial to proactively identify and mitigate security risks, ensuring robust protection of products and user data.

What is a Principal Product Security Engineer?

A Principal Product Security Engineer is a senior-level professional responsible for overseeing and guiding the security aspects of product development. They work closely with engineering, product, and security teams to ensure that security best practices are integrated throughout the product lifecycle. Their duties include conducting risk assessments, developing secure architecture, reviewing code, and mentoring other team members on security standards. This role often involves setting security strategy and policies, as well as staying current on the latest security threats and technologies.

What is the difference between Principal Product Security Engineer vs Security Engineer?

| Aspect | Principal Product Security Engineer | Security Engineer |
| --- | --- | --- |
| Credentials | Typically requires certifications like CISSP, CISA, or GIAC; advanced degrees often preferred | Often holds certifications such as Security+, CEH, or CISSP; may have less experience required |
| Work Environment | Leads security initiatives, designs security architecture, and influences product security strategy | Implements security measures, monitors systems, and responds to security incidents |
| Employer & Industry Usage | Common in tech companies, especially in product-focused roles within cybersecurity teams | Widely used across industries for maintaining security posture and compliance |

The Principal Product Security Engineer focuses on strategic security design and leadership in product security, while the Security Engineer handles day-to-day security operations and incident response. Both roles are vital but differ in scope and seniority within security teams.

More about Principal Product Security Engineer jobs
What job categories do people searching Principal Product Security Engineer jobs look for? The top searched job categories for Principal Product Security Engineer jobs are:
Infographic showing various Principal Product Security Engineer job openings in the United States as of June 2026, with employment types broken down into 84% Full Time, 14% Part Time, and 2% Contract. Highlights an 87% Physical, 5% Hybrid, and 8% Remote job distribution, with an average salary of $147,220 per year, or $70.8 per hour.
Principal Product Security Engineer

Principal Product Security Engineer

Obsidian Security

Palo Alto, CA

Other

Posted 12 days ago


Job description

Principal Product Security Engineer

Position Overview

We're looking for a Principal Product Security Engineer to lead and scale Obsidian's product security program across our SaaS product, cloud infrastructure, CI/CD pipelines, and related services. This is a senior, highly technical role for someone who can combine deep security engineering expertise with strong ownership, judgment, and cross-functional leadership.

You'll partner closely with Engineering, Product, GRC, IT, DevOps, SRE, and Platform teams to embed security throughout the SDLC, strengthen cloud and infrastructure security, mature threat modeling and secure design practices, and drive automation across detection, response, vulnerability management, and security testing.

This role reports to the Head of Security and is ideal for a seasoned product security leader who thrives in a fast-moving, high-growth cybersecurity startup and wants to make a meaningful impact on the security of our product, customers, and organization.

Key Responsibilities

  • Lead and evolve Obsidian's product security program, including standards, runbooks, technical documentation, and operational practices.
  • Provide technical leadership, mentorship, and secure design guidance to security and engineering teams.
  • Drive security architecture reviews, threat modeling, secure coding practices, and scalable security design reviews.
  • Integrate security deeply into the SDLC through code review, SAST/DAST, fuzzing, SBOMs, dependency scanning, and CI/CD security controls.
  • Partner with infrastructure teams to harden AWS, GCP, Kubernetes, GitLab, Terraform, data pipelines, secrets management, and service-to-service access controls.
  • Improve security automation, monitoring, metrics, dashboards, and reporting.
  • Lead technical response for product security incidents, vulnerability remediation, penetration testing, and red team findings.
  • Support customer and prospect security reviews as a senior technical security expert.

What We're Looking For

  • 10+ years of product security and/or engineering experience in cloud-native environments, ideally in cybersecurity, financial services, or another high-security industry.
  • Strong software engineering skills, especially in Python.
  • Hands-on expertise with Terraform, Kubernetes, AWS, GCP, GitLab, security automation, and security metrics.
  • Deep knowledge across application security, cloud security, detection and response, vulnerability management, and secure SDLC practices.
  • Experience partnering with engineering, product, IT, GRC, and external stakeholders during security reviews and incidents.
  • Strong communication skills with the ability to influence, educate, and raise security maturity across the company.
  • A mission-driven, ownership-oriented mindset and the ability to thrive in a dynamic startup environment.

What We Offer

  • A team-first, low-ego, mission-focused culture.
  • High-impact work shaping the security of Obsidian's product and platform.
  • Professional development opportunities and annual conference budget.
  • Competitive salary, equity, and health benefits.
  • Opportunities to publish research, share non-proprietary code, and present at conferences.
  • The chance to join a fast-growing company backed by Greylock Partners, Google Ventures, Menlo Ventures, WingVC, and Norwest Venture Partners.