Cloudera is a leading data partner for top companies across various industries, focusing on empowering people to transform complex data into actionable insights. The Staff Software Engineer - Product Security will serve as a technical architect, responsible for translating global security requirements into automated engineering solutions while leading initiatives to enhance the security posture of Cloudera's product suite.
Responsibilities:
- Architect and maintain advanced build tooling to automate and accelerate vulnerability remediation across all engineering pillars
- Lead Proofs of Concept (POCs) and evaluate third-party security tools to enhance our security posture without compromising developer velocity
- Design and develop core security features, including FIPS compliance, TLS/Encryption, Secrets Rotation, Identity & Access Management (IAM), and Certificate Management
- Drive root-cause analysis and triage for complex, product-wide stability issues related to security infrastructure
- Engineer specialized observability tools, such as encryption inventories, to audit and measure security standards during feature delivery
- Author comprehensive design specifications and test plans for cross-component security features, providing technical clarity in the face of ambiguity
- Elevate the team’s technical bar through high-quality code reviews, documentation standards, and active mentorship of engineering talent
- Partner across organizational lines, collaborating with internal stakeholders and senior management to resolve customer escalations and align with long-term objectives
Requirements:
- Bachelor's degree in Computer Science or a related field (or equivalent experience) with 6+ years of professional software engineering experience
- Deep technical expertise in containerized environments, specifically Kubernetes (EKS) and Docker
- Strong command of general-purpose and scripting languages, including Java, Python, Go, and Bash
- Proven experience with Infrastructure-as-Code (IaC) tools such as Terraform and Helm to automate secure infrastructure rollouts
- Expert-level experience automating complex CI/CD pipelines using platforms such as GitLab CI/CD, Jenkins, or GitHub Actions
- Exceptional troubleshooting skills with a track record of identifying root causes for site outages and resolving P1 escalations
- Experience with Post-Quantum Cryptography to support upcoming product transitions
- Practical experience with FIPS 140-3, TLS 1.3, and modern encryption standards
- Proven ability to automate CVE remediation and integrate SAST/DAST scanning tools—such as Trivy, Aquasec, Tenable, or Fortify—into developer workflows
- Familiarity with government compliance frameworks and industry standards including FedRAMP, ISO 27001, and SOC 2
- Deep understanding of secure coding practices and common vulnerabilities as outlined in the OWASP Top 10
- Experience working with Identity and Access Management (IAM) or Identity Governance platforms
- Strong management skills with a demonstrated ability to influence cross-functional teams and drive results in a remote environment