DataRobot

Staff Product Security Engineer

DataRobot$130K — $180K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in Information Security with a focus on Product Security or AppSec
  • Bachelor’s or Master’s degree in Computer Science or related field
  • Deep understanding of FedRAMP authorization and NIST 800-53
  • Proficiency in Python or Go for security automation
  • Hands-on experience with security tools like Semgrep and Trivy

Responsibilities

  • Lead the technical efforts for acquiring and maintaining ATO at FedRAMP High and DoD IL5
  • Translate federal security controls into actionable requirements for developers
  • Write and maintain security policies and procedures
  • Develop automation for security tooling in CI/CD processes
  • Implement security controls for containerized environments
  • Manage and deploy security testing tools
  • Interface with customer security teams to resolve CVE-related concerns

Benefits

  • Medical, Dental & Vision Insurance
  • Flexible Time Off Program
  • Paid Holidays
  • Paid Parental Leave
  • Global Employee Assistance Program (EAP)
Full Job Description

Job Description:

DataRobot is seeking an experienced Staff Product Security Engineer to drive security innovation while ensuring our platform meets the rigorous demands of our Federal and Commercial customers. This is a highly technical, high-impact role where you will operate at the intersection of engineering, automation, and federal compliance (FedRAMP High / DoD IL5).

You will serve as a subject matter expert for our Federal group, handle high-stakes customer security inquiries, and build automation using Python and Go. This role requires a unique blend of technical expertise, regulatory fluency, and diplomatic communication skills to navigate complex customer conversations.


Key Responsibilities:

Federal Compliance & Strategy

  • Lead Federal Security: Serve as a primary technical lead for the DataRobot Federal Group, driving the acquisition and maintenance of Authority to Operate (ATO) at FedRAMP High and DoD IL5 levels.

  • Compliance Engineering: Translate complex federal controls (NIST 800-53) into actionable engineering requirements for commercial developers.

  • Audit & Policy Management: Write and maintain security policies (SSPs) and procedures. Develop, track, and remediate Plans of Action and Milestones (POA&Ms) and provide technical evidence during third-party audits.

Security Engineering & Automation

  • Automate Everything: Develop custom automation to manage security tooling and implement "Secure-by-Design" processes in the CI/CD pipeline using Python or Go.

  • Container Security: Identify, design, and implement controls to safeguard our containerized production environments.

  • Tooling Management: Deploy and manage security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).

  • Threat Modeling: Review technical designs for new features, performing threat models to prioritize risks and educate developer teams on secure coding practices.

Customer Trust & Vulnerability Management

  • Customer Engagement: Act as the external face of DataRobot Security. Work directly with customers' security teams to resolve concerns regarding CVE exposure and architecture.

  • Customer-Centric Communication: Balance business needs with security rigor. You must be able to stand firm on security policies while maintaining strong professional relationships through clear, diplomatic, and solutions-oriented communication.

Knowledge, Skills, and Abilities:

  • Federal Fluency: Deep understanding of the FedRAMP authorization process, NIST 800-53, and DoD Cloud Computing Security Requirements Guide (SRG).

  • Technical Proficiency:

    • Fluent in writing code using Python or Go to build security automation.

    • Must have a deep understanding of Linux containers (internals, security isolation).

    • Familiarity with Kubernetes orchestration is strongly preferred.

    • Hands-on experience with common security tools such as Semgrep, Trivy, and Burp Suite.

  • Strategic Mindset: Experience determining not just how to fix a bug, but why it happened and how to prevent it systemically.

  • Soft Skills: Strong leadership skills for guiding teams and liaising with various stakeholders.

Requisite Education and Experience:

  • Citizenship:Must be a United States Citizen residing in the United States.

  • 8+ years of experience working in Information Security, with significant time spent in Product Security or AppSec roles.

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).

The talent and dedication of our employees are at the core of DataRobot’s journey to be an iconic company. We strive to attract and retain the best talent by providing competitive pay and benefits with our employees’ well-being at the core. Here’s what your benefits package may include depending on your location and local legal requirements: Medical, Dental & Vision Insurance, Flexible Time Off Program, Paid Holidays, Paid Parental Leave, Global Employee Assistance Program (EAP) and more!

About DataRobot

DataRobot is an artificial intelligence company that provides a platform for building and deploying machine learning models. The company's platform automates the entire machine learning workflow, from data preparation to model deployment, making it easier for businesses to leverage the power of AI. DataRobot's customers include Fortune 500 companies, government agencies, and startups across a variety of industries. The company was founded in 2012 and is headquartered in Boston, Massachusetts.
Learn more about DataRobot
Size
1,000 employees
Industry
Founded
2012

Similar Jobs

More Jobs at DataRobot

More Information Technology Jobs

Find similar Staff Product Security Engineer jobs: