commercetools

Principal Engineer, Product Security

commercetools · Munich, Germany
Munich, Germany Posted 2026-07-02
Type
Full-time
Experience
2+ yr

About Commercetools

Real innovation starts with a strong foundation, and at commercetools, that comes from the perfect balance of our product and our people. Behind every leap forward is a collective of builders, explorers, doers, makers, and problem-solvers. The kind of people who not only pioneered a more flexible approach to commerce architecture but also shaped the culture of experimentation that approach unlocked. Together they are the engine of commerce innovation today. At commercetools, we power the next era of commerce for our customers. Whether it’s AI-driven solutions that help enterprises make smarter business decisions, bridging digital and physical shopping experiences, or enabling entirely new ways for industries to connect with their customers, we help the world’s most ambitious companies experiment, scale, and grow without limits. Here the best idea wins, not the loudest voice. You will have the tools, trust, and space to not only build the future of commerce, but to build your own.

Your Impact

As our  Principal Engineer Product Security   , you’ll support the  Engineering team  by solving challenging technical problems for an ambitious product and enabling teams to "shift left" to build secure services on multi-cloud infrastructure .

You will:

Formulate, evangelise, and drive adoption of the product security strategy

Assess, advise on, and increase the security maturity posture

Create a standardised security architecture and operational best practices

Help track and drive remediation of security and technology risks

Educate product teams on risk assessments, threat modelling, and building secure api-first applications

Review requirements and designs to help product teams address shortcomings

Embed security tooling into the development process

Contribute to the review of external penetration tests and help teams prioritise fixes

Collaborate with product teams to improve overall security and resolve specific issues

Facilitate or lead customer conversations regarding product security

Triage and investigate new attack vectors to determine risk mitigation

Drive security and quality initiatives across the organization and support certification audits

Collaborate with Product Management, Principal Engineers, and legal/compliance teams

Identify skills gaps and facilitate knowledge sharing across the organization

This role is hybrid, with three days a week spent in our  Berlin, London or Valencia  office .

What Sets You Apart

You're a creative problem-solver who is wired to find solutions. You confidently dive into complex challenges and have a talent for making them simple for others. Your curiosity drives you to constantly grow and contribute to an environment of trust and teamwork. Great ideas come from many paths, and your unique perspective matters more than checking every box. What matters most is the mindset you bring to the work.

You bring:

A strong technical background and 5+ years of proven track record in hands-on Product Security

2+ years of experience improving Product Security in a leadership role

Experience with customer-facing security roles and influencing roadmaps in matrix organizations

Experience in a scale-up environment with ambitious and competing priorities

Expertise in formulating, elaborating, and clarifying requirements or priorities

Experience with Secure Architecture design reviews and Threat Modeling

Experience infusing security into various levels of the SDLC

Experience with Static Analysis and Secure Code Review implementations

Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security

Practical experience in DevSecOps and proficiency in at least one scripting language like JavaScript or Go

Project management experience for projects affecting multiple teams

Experience working within an Agile environment with a strong customer focus

Experience setting up and running trainings or onboardings

Clear written and verbal communication in fluent English

AI Aptitude: A genuine curiosity for using AI tools to work smarter and more effectively, paired with a drive to learn and put them into practice in your role.

Nice to Have: * Security Certifications such as CISSP, CCSP, Certified Kubernetes Security Specialist, or GCP/AWS/Azure security certifications

An eagerness to constantly improve and learn about leadership and new technologies

Our Benefits

Because work and life are connected, our benefits are too. We’ve designed them to give you the security, flexibility, and opportunities you need to focus on what matters most.

🩺 Comprehensive health benefits for you and your dependents, including access to OpenUp for personalized mental health support

📚 Learning and development opportunities including an annual learning budget, access to self-paced learning platforms and language training, personalized coaching, mentorship, and leadership programs

🍼 Family Leave Plus gives you additional fully paid weeks of parental leave on top of government-provided leave, so you can spend more time with your new addition

📈 Our equity participation program allows you to share in our success

For more information on our benefits, visit this page.

Come as you are. Build with us.

Your unique perspective is essential to our success. We are committed to building a team that reflects the world around us because we know it’s the only way to build the future. We celebrate our differences and have created a hiring process that’s fair, inclusive, and designed to let your talent shine.

We proudly welcome applicants of every race, color, religion, gender identity, sexual orientation, age, and any other part of your identity that makes you who you are. As an equal opportunity employer, we believe that our strength lies in our diversity, and we invite you to be a part of our global community.

For more information on our diversity, equity, inclusion, and belonging practices, visit this page .

KubernetesTerraformJavaScriptGCPAWSAzure
D
AI Engineer
Valencia, Spain (Hybrid) Hybrid
Data & ML
P
Head of Product – Agentic Offerings
Valencia, Spain (Hybrid) Hybrid
Product
M
Senior Technical Product Marketing Manager
London, UK Hybrid
Marketing
See all roles at commercetools →
V
Senior Security Engineer, Product AppSec
Veeam Software Remote (US) Remote
Engineering
$237K–$441K
D
Senior Platform Engineer, Security
Doxel San Francisco, CA Hybrid
Engineering
$175K–$220K
I
Senior Engineer, Cloud Security
Illumio Sunnyvale, CA
Engineering
$170K–$196K
M
Security Software Engineer, Infrastructure Security
MongoDB Austin, TX
Engineering
$127K–$249K
See all Engineering roles →

Interested in this role?

Apply directly on the company site — no recruiter middleman, no account required.

Apply now →
Apply on company site