Lead Product Security Engineer

Position Title: Lead Product Security Engineer 

Reports To: Principal Security Architect   

As our Lead Product Security Engineer you’ll own threat modeling, secure‑by‑design guidance, and hands‑on engineering for an industry‑leading SaaS platform that powers automotive retail for millions of users. You’ll work autonomously, partner closely with our Application Security (AppSec) scanning team, and influence product teams across the company—from design through incident response.

Working hours: Late‑shift schedule with ~4 hours daily overlap with US Mountain Time (e.g., 1 p.m. – 10 p.m. IST). Some flexibility is expected; we value outcomes over clock‑watching.

Key Responsibilities: 

1. Leadership & Strategy: 

• Champion security culture and coach teams on secure product design

• Lead the development and implementation of CDK’s product security strategy 

• Design and implement technology and processes supporting CDK’s product security strategy 

• Effectively partner across security, technology, and business teams 

• Provide technical security leadership to product teams 

• Develop effective product security metrics and use them to drive improvements  

2. Product Security Standards: 

• Guide the development and continuous improvement of product security standards and guidelines in alignment with risk and compliance requirements 

• Drive accurate measurement and reporting of CDK’s compliance with product security standards 

• Drive adoption of product security standards across product, technology, and infrastructure teams 

3. Product Security Architecture and Engineering: 

• Lead and evolve product threat‑modeling practices (STRIDE, PASTA, attack trees, etc.)

• Guide development of secure product architecture practices across technology teams  

• Develop repeatable engineering and automation patterns to enable “secure by default” design 

• Solve challenging product and application security problems 

4. Security Operations:  

• Work with CDK Security Operations team to identify and enable detection for advanced application security problems 

• Drive good development practices in orchestration and automation of macro response workflows 

• Be a force multiplier in rare product security incident scenarios 

 5. Data-Driven Security:

• Help wrangle and correlate security data from multiple tools; prototype metrics, dashboards, or ML models that reveal real risk trends.

• Advise on data quality, cleansing, and correlation strategies.

Required Qualifications: 

Education:  

•  Bachelor’s degree in Computer Science or Information Security, or an equivalent experience 

Experience:

• 8+ years overall in software / security engineering, including 5+ years focused on product or application security in complex SaaS or e‑commerce environments.

• Demonstrated ownership of threat modeling for modern cloud architectures (microservices, serverless, containers).

• Proven ability to drive security architecture and standards autonomously.

• Hands‑on experience with at least one major public cloud and IaC (Terraform, CloudFormation, ARM, etc.).

• Excellent written and verbal communication skills; able to translate deep technical issues into business‑focused recommendations.

Nice‑to‑have:

• Prior work with data‑privacy or data‑protection regulations (GDPR, CCPA, DPDP India, etc.).

• Data science / analytics chops: experience cleaning, correlating, or modeling large security datasets.

• Strong software‑engineering background, especially in Python (automation, data pipelines, small tools).

• Familiarity with secure SDLC and AppSec scanning pipelines (SAST, DAST, SCA, container security).

• Experience mentoring or leading distributed teams.

Why join us?

• Impact at scale – Your work secures a platform that processes billions of dollars in automotive transactions yearly.

• Autonomy & ownership – We hire experts and trust them to deliver.

• Global collaboration – Work with top engineers across India and North America, shaping security practices company‑wide.

• Growth – Influence adjacent initiatives in data security, metrics, and architecture alongside our Principal Security Architect.

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US.  CDK may offer employer visa sponsorship to applicants.