commercetools
Principal Engineer, Product Security

Principal Engineer Product Security
At commercetools
Real innovation starts with a strong foundation, and at commercetools, that comes from the perfect balance of our product and our people. Behind every leap forward is a collective of builders, explorers, doers, makers, and problem-solvers. Together, they are the engine of commerce innovation today.
At commercetools, we power the next era of commerce. Our work helps enterprises make smarter business decisions, bridge digital and physical shopping experiences, and connect industries with their customers. Success is defined not by titles, but by ideas that shape the future—because here, the best idea wins, not the loudest voice. You’ll have tools, trust, and space to build the future of commerce—and to build your future.
Your Impact
As our Principal Engineer Product Security, you’ll work closely with the Engineering team to tackle complex technical challenges in building and scaling secure services for multi-cloud infrastructure. Your focus will be on shifting security left, embedding it into the development process.
- Formulate, evangelise, and drive adoption of the product security strategy
- Assess, advise on, and increase the security maturity posture across the organisation
- Create a standardised security architecture and operational best practices framework
- Help track, prioritise, and drive risk remediation for security and technical vulnerabilities
- Educate product teams on risk assessments, threat modelling, and constructing secure API-first applications
- Review requirements and designs to address security shortcomings at the earliest stages
- Embed DevSecOps practices and tooling into the development lifecycle
- Contribute to external penetration test reviews, helping teams prioritise and fix vulnerabilities
- Collaborate with product teams to improve overall security, resolve incidents, and enhance protections
- Facilitate or lead customer-facing security conversations, ensuring transparency and trust
- Triage and investigate new attack vectors, developing risk mitigation strategies
- Drive security and quality initiatives across commercetools and align with certification audits
- Partner with Product Management, Principal Engineers, and legal/compliance teams
- Identify skills gaps and facilitate knowledge sharing, including trainings and internal onboarding
- Work in a hybrid model, spending three days per week at our Berlin, London, or Valencia campus
What Sets You Apart
We are looking for building insurgents—creative problem-solvers who thrive in complex environments and can distil intricate challenges into actionable, practical solutions. Your ability to curate environments of trust, empowerment, and continuous learning is as important as your technical expertise.
Your competencies:
- Strong technical foundation with a proven track record of hands-on Product Security (5+ years)
- 2+ years in a leadership role, improving or shaping security strategies in fast-growth organisations
- Experience in customer-facing security roles, including influencing product roadmaps and engaging with multi-team governing bodies
- Proven ability in scale-up environments where agility, competing priorities, and cross-functional collaboration are essential
- Strong ability to define, communicate, and contextualise requirements or technical priorities effectively
- Experience in Secure Architecture Design Reviews and Threat Modelling frameworks
- Hands-on experience infusing security into the SDLC, including static code analysis, secure code reviews, and dependency scanning
- Knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security frameworks
- DevSecOps proficiency, including automation at scale, integration of security tooling, and CI/CD guardrails
- Comfortable leveraging scripting languages (e.g. JavaScript, Go) to build security awareness, gain visibility, or automate remediation
- Project management experience managing cross-team security initiatives with competing demands
- Agile working, but with a strong customer orientation and a mindset of ownership
- Experience designing and delivering trainings, onboarding activities, or workshops
- Fluent, clear communication in English verbally and in writing
- AI Aptitude: Genuine curiosity and commitment to applying AI tools to work smarter, while maintaining a personal desire to learn and experiment


Nice to Have:
- Relevant security certifications (e.g. CISSP, CCSP, CSA CCSK, Certified Kubernetes Security Specialist, or cloud providers’ security credentials)
- Continuous passion for upskilling, especially leadership and emerging technologies
Our Benefits
Because work is deeply tied to well-being and growth, we offer benefits that support your life and career at every stage.
- Health & Well-being:
  - Comprehensive medical benefits for you and your dependents
  - Access to OpenUp for personalised mental health support at any time
- Career Growth & Development:
  - Annual learning budget, self-paced courses, language training
  - Personalised coaching, mentorship, and leadership programs
  - Equity participation – a share of commercetools’ success is also yours
- Work-Life Balance:
  - Family Leave Plus: Extended fully-paid parental leave beyond legal obligations
For additional details on benefits, please visit our dedicated webpage.
We welcome you
Our strength lies in the unique perspectives every team member brings. We strive for a reflective and diverse team that accurately mirrors the world around us—because only then will we truly build the future.
Equal opportunity and inclusion are essential to our culture. We strongly value diversity in all its forms—race, colour, religion, gender identity, sexual orientation, age, parenthood, and more—and we welcome everyone to shape our global journey.
For more information regarding our commitment to diversity, equity, inclusion, and belonging (DEIB), visit our DEIB page.
Come as you are. Build with us. Your place is here. Apply today!