SolarWinds
Lead Product Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About SolarWinds
SolarWinds is a prominent provider of observability and IT management software, aimed at helping organizations monitor, analyze, and optimize their IT infrastructure in hybrid and multi-cloud environments. Founded in 1999 in Tulsa, Oklahoma, the company has grown significantly, relocating its headquarters to Austin, Texas, and expanding internationally. The company offers a comprehensive suite of IT management solutions, including network management, systems and database monitoring, application performance monitoring, and IT service management. The SolarWinds Platform integrates these solutions to enhance performance, reliability, and security for enterprises. With over 300,000 customers worldwide, SolarWinds serves a diverse range of businesses, from small and mid-sized companies to large enterprises. The company also fosters a strong user community through THWACK®, which has nearly 200,000 members.
Security at SolarWinds
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- SolarWinds' AppSec philosophy is centered on the 'Secure by Design' principle, which serves as the guiding framework for cyber resiliency.
- The approach prioritizes fixing security issues prior to release, viewing security as a mechanism that enables speed ('Brakes make you go faster').
- The team follows a defined software development methodology aligned with NIST SSDF controls and emphasizes an 'assume-breach' mindset.
Security Team
SolarWinds employs a dedicated product security function, as evidenced by active recruitment for leadership roles such as 'Lead Product Security Engineer'. The security organization is led by CISO Tim Brown, who oversees the Trust Center and the 'Secure by Design' initiative. Specific reporting lines (e.g., whether the team is centralized or embedded) and the precise team size are not publicly disclosed.
Key Initiatives
Key initiatives include the implementation of a 'Secure by Design' build system characterized by parallel builds and verified steps. SolarWinds has conducted a gap analysis against NIST SSDF controls to harden its development process. The company maintains an active Vulnerability Disclosure Policy (VDP), managed by a PSIRT that commits to acknowledging reports within three business days. There is no public evidence of a formal 'Security Champions' program.