Senior Security Engineer, Cloud Platform
About CelerData
At CelerData, our mission is to empower organizations to fully leverage their data. We achieve this with our cutting-edge, cloud-native, high-performance analytical database, specifically designed for modern lakehouse architectures. We're challenging established solutions like Snowflake, ClickHouse, and Trino by delivering unmatched query performance and a simplified architecture to enterprises globally. Join us as we help our customers convert their data into practical insights and attain outstanding technical achievements.
As a Product Security Engineer at CelerData, you'll embed with our platform and cloud teams to design and build secure-by-default features for StarRocks and CelerData Cloud. You will drive threat modeling, security assurance, and automation across our control plane, data plane, and BYOC (bring-your-own-cloud) deployments. Your work will span identity, secrets and key management, container / Kubernetes hardening, operating security tooling, and vulnerability management, scaling security through paved roads, tooling, and code.
Key Responsibilities
- Secure design & threat modeling: Partner with PM / engineering to review architectures and data flows (SaaS, on-prem, BYOC). Define security requirements and mitigations for features such as multi-tenant isolation, row / column-level security, auditing, and encryption.
- Security process: Develop processes, tooling, and automation that scale security work and mitigate risks to the business.
- Cloud & Kubernetes hardening: Establish secure baselines for AWS / Azure / GCP; least-privilege IAM; network segmentation and private connectivity (e.g., PrivateLink / Private Endpoint); runtime policies (e.g., Cilium / Calico), admission controls, and secrets handling for K8s.
- Identity & secrets: Advance SSO / MFA for customers and internal systems; standardize OIDC / SAML flows; engineer passwordless and m2m auth; manage KMS / HSM-backed key lifecycles; integrate with Vault for automated rotation.
- Data protection: Ensure encryption in transit / at rest for object stores (S3 / ADLS / GCS) and internal services; define data classification and tokenization / obfuscation patterns where appropriate.
- Vulnerability management & assurance: Run coordinated scanning / fuzzing (including C++ components), triage reports (bug bounty / responsible disclosure), drive fixes to closure with clear SLAs, and commission targeted pentests.
- Detection enablement: Improve security telemetry across control and data planes; contribute product-centric detections / runbooks for abuse, exfiltration, or privilege misuse.
- Incident readiness: Maintain product incident playbooks; participate in investigations affecting CelerData products and customers; lead post-mortems and drive durable remediation.
- Developer enablement: Provide clear guidance, examples, and "paved road" modules (Terraform / K8s manifests, SDK patterns). Deliver practical, lightweight training on secure coding and secrets hygiene.
Qualifications
- 5+ years in product / application, platform, or cloud security supporting engineering teams shipping distributed systems at scale (or comparable impact).
- Hands-on with at least one major cloud (AWS / Azure / GCP) and Kubernetes security (RBAC, admission, PSP replacements, runtime policies, image signing).
- Proficiency in at least one of Python or Go for automation, plus the ability to read and review C++ and / or Java for security implications.
- Solid grasp of authN / authZ patterns (OIDC / SAML, OAuth2, service-to-service auth), secrets and key management (KMS / HSM, Vault), and TLS / mTLS fundamentals.
- Experience designing controls for multi-tenant SaaS or BYOC architectures (isolation, network egress controls, private connectivity, least-privilege IAM).
- Clear, pragmatic communicator who can influence design, document decisions, and drive cross-team execution.
Preferred Qualifications
- Fuzzing experience (e.g., libFuzzer / AFL / OSS-Fuzz) or sanitizers for native code; prior work securing OLAP / DB, storage engines, or high-performance C++ services.
- IaC security (Terraform + Conftest / OPA checks), cloud org guardrails, SCP / Config / Policy, and drift detection.
- Familiarity with data security features (RLS / CLS, masking, audit / eventing) in analytics platforms.
- Contributions to open-source projects (StarRocks / ClickHouse / Trino ecosystems a plus).