Senior Product Security Engineer

Why Join Doppel Doppel is built to outsmart one of the great threats AI presents: mass-manufactured social engineering. Countless scams, deepfakes, and other social engineering attacks are surging across every digital channel: websites, social media, ads, encrypted messaging apps, mobile, and more. Our mission is simple but bold: make the internet a safer place by outsmarting the world’s fastest-evolving digital threats. Backed by top-tier investors and trusted by some of the world’s most recognized brands, Doppel is growing fast. If you’re driven to solve real-world problems with bold technology, we’d love to meet you. What We're Looking For We're looking for a Senior Product Security Engineer to lead product and cloud security by embedding into engineering workflows and acting as the subject matter expert for GCP. It involves running architecture reviews, leading threat modeling, and driving penetration testing engagements from scoping to remediation. The role also designs and enforces least-privilege IAM, builds security guardrails through policy and infrastructure-as-code, and ensures issues are triaged, tracked, and resolved. Beyond execution, it provides enablement and mentorship for engineers, clear documentation, and transparent reporting to security leadership. What You'll Do Run security architecture reviews for product features and our GCP environment in partnership with product and engineering; lead threat modeling and document risks, controls, and clear recommendations. Own penetration testing engagements end‑to‑end: vendor/scoping, rules of engagement, test coordination, finding validation and severity, retest, and remediation tracking to closure. Act as the GCP security SME for project teams, advising on secure patterns for networking (VPC, private access, perimeter controls), data protection (KMS, secrets), compute runtimes (GKE/Cloud Run/GCE), CI/CD (Cloud Build, Artifact Registry), and logging/monitoring. Design and enforce least‑privilege IAM in GCP: role design (custom vs. predefined), service account lifecycle, workload identity, IAM Conditions, org/folder policy constraints, and periodic access reviews. Triage and route product security related findings to the right engineering owners; tune rules to reduce noise, set severities and SLAs, and drive remediation - capturing justified exceptions. Contribute security guardrails via policy and infrastructure‑as‑code (e.g., org policies, constraints, reusable Terraform modules, admission/policy controllers) and integrate pre‑merge checks in CI/CD. Create practical documentation and runbooks (design review checklist, IAM standards, exception process) and deliver targeted enablement sessions for engineers and PMs. Report progress and risks with metrics and status updates to security leadership; proactively escalate blockers and propose tradeoffs. Mentor engineers and code owners on secure‑by‑default coding and architecture best practices. Minimum Requirements 5–7 years of experience in product security, cloud security engineering, or a related field. Strong knowledge of Google Cloud Platform (GCP) services and security best practices, including IAM, networking, data protection, and workload runtimes. Hands-on experience with penetration testing coordination, threat modeling, and risk assessment. Proficiency with Infrastructure-as-Code tools (Terraform, policy controllers, CI/CD integrations). Familiarity with designing and enforcing least-privilege IAM and conducting access reviews. Ability to communicate security risks and recommendations clearly to engineering and leadership audiences. Preferred Qualifications Professional certifications such as GCP Professional Cloud Security Engineer, OSCP, or CISSP. Experience building reusable security guardrails and automation at scale. Familiarity with Kubernetes (GKE) and container security. Prior success mentoring engineers or embedding security practices into development lifecycles. Experience reporting security metrics and influencing technical and business decision-making. What We Offer A mission-driven culture with low ego, high ownership, deep customer obsession, and exceptional talent density Flexible PTO ✈️ Quarterly team offsites About us Doppel is the first platform built to dismantle digital deception at scale. We scan over 150 million entities daily and deploy continuously adaptive AI SOC agents—paired with expert human analysts—to uncover and disrupt the infrastructure behind phishing, impersonation, and online fraud before attacks can spread. Our Threat Grid turns every customer signal into shared intelligence, making each disruption smarter, faster, and more effective. We’re not just another cybersecurity company. We’re defining the future of social engineering defense—where trust is protected, and deception becomes unprofitable. Backed by top-tier investors and trusted by some of the world’s most recognized brands, Doppel is growing fast. If you’re driven to solve real-world problems with bold technology, we’d love to meet you.