Senior Product Security Engineer

Doppel

United States Remote
$175,000 - $200,000
Full-time
Security Engineer

Job Description

Join Doppel and Outsmart the World's Fastest-Evolving Digital Threats
Doppel is on a mission to make the internet a safer place by combating mass-manufactured social engineering attacks – from deepfakes to sophisticated scams. We're seeking a passionate and skilled Senior Product Security Engineer to join our growing team and help us protect users across every digital channel.

The Opportunity: Senior Product Security Engineer
As a Senior Product Security Engineer at Doppel, you'll be a key player in ensuring the security of our products and cloud infrastructure. You'll embed yourself within engineering workflows, acting as the subject matter expert for GCP security and driving security best practices throughout the development lifecycle. This role offers the chance to make a tangible impact on our mission and work alongside a team of talented and dedicated professionals.
This role is open remotely across the U.S. and Canada.

What You'll Do:
Lead security architecture reviews for product features and our GCP environment, collaborating closely with product and engineering teams. Conduct thorough threat modeling and document risks, controls, and actionable recommendations.
Own end-to-end penetration testing engagements, from vendor selection and scoping to test coordination, finding validation, severity assessment, retesting, and remediation tracking.
Serve as the GCP security SME for project teams, advising on secure patterns for networking (VPC, private access, perimeter controls), data protection (KMS, secrets), compute runtimes (GKE/Cloud Run/GCE), CI/CD (Cloud Build, Artifact Registry), and logging/monitoring.
Design and enforce least-privilege IAM in GCP: role design (custom vs. predefined), service account lifecycle, workload identity, IAM Conditions, org/folder policy constraints, and periodic access reviews.
Triage and route product security findings to the appropriate engineering owners, tune rules to minimize noise, establish severities and SLAs, and drive remediation efforts, while also managing justified exceptions.
Contribute to security guardrails through policy and infrastructure-as-code (e.g., org policies, constraints, reusable Terraform modules, admission/policy controllers) and integrate pre-merge checks within CI/CD pipelines.
Develop practical documentation and runbooks (design review checklist, IAM standards, exception process) and deliver targeted enablement sessions for engineers and PMs.
Report on progress and risks with metrics and status updates to security leadership, proactively escalating blockers and proposing well-reasoned tradeoffs.
Mentor engineers and code owners on secure-by-default coding and architecture best practices.

What You'll Bring:
5–7 years of experience in product security, cloud security engineering, or a related field.
In-depth knowledge of Google Cloud Platform (GCP) services and security best practices, including IAM, networking, data protection, and workload runtimes.
Hands-on experience with penetration testing coordination, threat modeling, and risk assessment.
Proficiency with Infrastructure-as-Code tools (Terraform, policy controllers, CI/CD integrations).
Familiarity with designing and enforcing least-privilege IAM and conducting access reviews.
Exceptional ability to communicate security risks and recommendations clearly to both technical and non-technical audiences.

Bonus Points:
Professional certifications such as GCP Professional Cloud Security Engineer, OSCP, or CISSP.
Experience building reusable security guardrails and automation at scale.
Familiarity with Kubernetes (GKE) and container security.
Proven success mentoring engineers or embedding security practices into development lifecycles.
Experience reporting security metrics and influencing technical and business decision-making.

Why Doppel?
At Doppel, you'll be part of a mission-driven culture that values:
🚀 Low ego, high ownership, and a deep obsession with customer success.
🌴 Flexible PTO to recharge and maintain a healthy work-life balance.
✈️ Quarterly team offsites to foster collaboration and camaraderie.

We're not just another cybersecurity company. We're pioneering the future of social engineering defense, making trust the default and deception unprofitable. If you're a driven cybersecurity professional seeking a challenging and rewarding opportunity, we encourage you to apply!