Product Security Engineer
Listed on 2026-01-16
IT/Tech
Cybersecurity
Data Robot delivers AI that maximizes impact and minimizes business risk. Our platform and applications integrate into core business processes so teams can develop, deliver, and govern AI at scale. Data Robot empowers practitioners to deliver predictive and generative AI, and enables leaders to secure their AI assets. Organizations worldwide rely on Data Robot for AI that makes sense for their business — today and in the future.
About the Role
You are invited to join Data Robot as a Staff Product Security Engineer. This highly technical, high‑impact role focuses on ensuring our platform meets the rigorous demands of Federal and Commercial customers, including FedRAMP High and DoD IL5 compliance. You will operate at the intersection of engineering, automation, and federal compliance.
Key Responsibilities
- Federal Security & Strategy
- Lead the Data Robot Federal Group as primary technical lead for FedRAMP High and DoD IL5 Authority to Operate (ATO).
- Translate NIST 800‑53 controls into actionable engineering requirements for commercial developers.
- Write and maintain security policies (SSPs) and procedures, develop, track, and remediate Plans of Action and Milestones (POA&Ms), and provide technical evidence during third‑party audits.
- Security Engineering & Automation
- Develop custom automation to manage security tooling and implement "Secure‑by‑Design" processes in the CI/CD pipeline using Python or Go.
- Design and implement container security controls for production environments.
- Deploy and manage security testing tools for SAST, DAST, and SCA analysis (e.g., Semgrep, Trivy, Burp Suite).
- Perform threat modeling and review technical designs to prioritize risks and educate developer teams on secure coding practices.
- Customer Trust & Vulnerability Management
- Act as external face of Data Robot Security, working directly with customers’ security teams to resolve concerns regarding CVE exposure and architecture.
- Balance business needs with security rigor; stand firm on security policies while maintaining strong professional relationships through clear, diplomatic, and solutions‑oriented communication.
- Federal Fluency – Deep understanding of FedRAMP, NIST 800‑53, and DoD Cloud Computing Security Requirements Guide.
- Technical Proficiency
- Fluent in Python or Go for building security automation.
- Deep understanding of Linux containers, including internals and security isolation.
- Strong preference for experience with Kubernetes orchestration.
- Hands‑on experience with tools such as Semgrep, Trivy, and Burp Suite.
- Strategic Mindset – Able to determine why a bug happened and how to prevent it systemically.
- Soft Skills – Leadership and stakeholder liaison skills, strong communication.
- Must be a United States Citizen residing in the United States.
- 8+ years of experience in Information Security, with significant time in Product Security or AppSec roles.
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
- Competitive salary based on experience.
- Medical, Dental & Vision Insurance.
- Paid holidays, paid parental leave, and flexible time‑off program.
- Global Employee Assistance Program (EAP).
Data Robot is a committed Equal Employment Opportunity and Diversity employer. We do not discriminate based on race, religion, color, national origin, gender identity, sexual orientation, age, veteran status, disability, or any other characteristic protected by law. Data Robot is committed to providing reasonable accommodations for applicants with disabilities. All applicant data is handled in accordance with our Applicant Privacy Policy.