Couchbase
Chief Information Security Officer (CISO)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Couchbase
Couchbase, Inc. is a provider of a distributed NoSQL document database platform, founded in 2011 through the merger of Membase and CouchOne. Headquartered in Santa Clara, California, the company has global offices in Austin, Bangalore, London, and Manchester. Couchbase aims to simplify the development, deployment, and operation of modern applications, offering a cloud-first, developer-centric data platform that is trusted by over 30% of the Fortune 100. The company's core products include Couchbase Capella, a fully managed Database-as-a-Service (DBaaS), and Couchbase Server, an open-source distributed NoSQL database. These products are designed to handle various workloads, including transactional, analytical, mobile, and edge applications across on-premises, multi-cloud, and hybrid environments. Couchbase serves a diverse range of sectors, including financial services, gaming, healthcare, and retail, providing solutions that address the limitations of traditional relational databases.
Security at Couchbase
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Couchbase's stated AppSec mission is to "Champion a 'secure-by-design' culture across engineering". Their approach to working with developers is that "security accelerates, rather than constrains, innovation". Their risk philosophy involves performing "security software architecture review and integrate threat modeling". A stated goal is to "Drive the identification and remediation of security vulnerabilities within defined SLAs." Information regarding an explicit, public AppSec charter or a one-line mission statement authored by an AppSec leader separate from job postings is not publicly available.”
Security Team
The Chief Information Security Officer (CISO) serves as the primary advisor to the executive team and Board. Vasanth Madhure is the Chief Information Security Officer, and he has "built a first-class team at Couchbase." The exact reporting line for AppSec (e.g., to Product, CTO, or CISO) is not explicitly stated beyond the CISO's role. The AppSec team size is not publicly available. As of, there are 2 active AppSec job postings: Chief Information Security Officer and Cloud Security Engineer. Common skill/tool patterns mentioned in job postings include SAST, DAST, SCA, Terraform, and scripting languages (Python, Bash, PowerShell), with an emphasis on integrating application security tools within existing development, build, and deployment processes.
Key Initiatives
There is no public evidence of a Security Champions Program at Couchbase; this information is not publicly available. For 'Shift Left' practices, Couchbase aims to "Integrate application security tools within existing development, build, and deployment processes". Their Vulnerability Management Process includes intake by owning and managing "the bug bounty program" and triage/remediation by driving "the identification and remediation of security vulnerabilities within defined SLAs." Secure SDLC Artifacts involve performing "security software architecture review and integrate threat modeling and abuse cases into the SDLC". A recent initiative (last 6 months) is "Enhanced Security and Compliance Protects Mission-Critical AI Applications" related to Couchbase 8.0.