Back to Details

product-infrastructure-security-engineer

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Product Infrastructure Security Engineer

产品基础设施安全工程师

When to Use

适用场景

  • Threat-model product features, internal APIs, workers, and customer-facing infrastructure
  • Design or review tenant isolation, authorization boundaries, and customer data-plane controls
  • Harden product-owned services with secure defaults, service auth, rate limits, audit logs, and encryption
  • Review product IaC or runtime changes for cross-tenant data leaks and abuse paths
  • Support incidents involving customer workloads, tenant blast radius, or product security regressions
  • 对产品功能、内部API、工作负载及面向客户的基础设施进行威胁建模
  • 设计或评审租户隔离、授权边界及客户数据平面控制措施
  • 通过安全默认设置、服务认证、速率限制、审计日志和加密加固产品自有服务
  • 审查产品IaC或运行时变更,排查跨租户数据泄露和滥用路径
  • 支持涉及客户工作负载、租户影响范围或产品安全退化的事件处理

When NOT to Use

不适用场景

  • Implement corporate IdP, KMS, PAM, SIEM, or EDR systems → 
    information-security-engineer
  • Add CI/CD security gates, SBOMs, or supply-chain controls only → 
    devsecops
  • Run SOC alert triage and detection tuning → 
    defensive-security-analyst
  • Execute authorized pentests or exploit validation → 
    offensive-security-analyst
  • Build general IDP, golden paths, or developer portals → 
    platform-engineer
  • Define company-wide security strategy or GRC roadmap → 
    cybersecurity
  • Design RAG/copilot/LLM solution architecture → 
    applied-ai-architect-commercial-enterprise
  • 部署企业IdP、KMS、PAM、SIEM或EDR系统 → 
    information-security-engineer
  • 仅添加CI/CD安全门禁、SBOM或供应链控制 → 
    devsecops
  • 执行SOC告警分诊和检测调优 → 
    defensive-security-analyst
  • 执行授权渗透测试或漏洞验证 → 
    offensive-security-analyst
  • 构建通用IDP、黄金路径或开发者门户 → 
    platform-engineer
  • 制定公司级安全策略或GRC路线图 → 
    cybersecurity
  • 设计RAG/copilot/LLM解决方案架构 → 
    applied-ai-architect-commercial-enterprise

Related skills

相关技能

NeedSkill
Org-wide IAM, KMS ops, SIEM
information-security-engineer
Pipeline scans, SBOM, CI OIDC
devsecops
Product feature code and APIs
senior-fullstack-developer
Core cloud/K8s provisioning
infrastructure-engineer
IDP templates and portal
platform-engineer
Pentest reproduction
offensive-security-analyst
Customer-impacting incident comms
cybersecurity
AI copilot/RAG architecture
applied-ai-architect-commercial-enterprise
K8s namespace isolation and deploy
cluster-deployment-engineer
需求技能角色
企业级IAM、KMS运维、SIEM
information-security-engineer
流水线扫描、SBOM、CI OIDC
devsecops
产品功能代码与API
senior-fullstack-developer
核心云/K8s配置
infrastructure-engineer
IDP模板与门户
platform-engineer
渗透测试复现
offensive-security-analyst
影响客户的事件沟通
cybersecurity
AI copilot/RAG架构
applied-ai-architect-commercial-enterprise
K8s命名空间隔离与部署
cluster-deployment-engineer

Core Workflows

核心工作流

1. Product threat modeling

1. 产品威胁建模

Scope the product boundary (what attackers and tenants can reach):
  1. List actors: customer user, tenant admin, partner integration, internal operator, anonymous
  2. Map assets: customer data, credentials, billing, config, audit logs
  3. Draw data flows across services and stores
  4. Identify trust boundaries (tenant, region, env)
  5. Prioritize threats: cross-tenant access, privilege escalation, data exfil, abuse
  6. Record mitigations and residual risk owners
See 
references/product_threat_model.md
for STRIDE-lite worksheet.
明确产品边界(攻击者和租户可触及的范围):
  1. 列出角色:客户用户、租户管理员、合作伙伴集成、内部操作员、匿名用户
  2. 梳理资产:客户数据、凭证、账单信息、配置、审计日志
  3. 绘制跨服务和存储的数据流向
  4. 识别信任边界(租户、区域、环境)
  5. 优先级排序威胁:跨租户访问、权限提升、数据泄露、滥用
  6. 记录缓解措施及剩余风险负责人
参考
references/product_threat_model.md
获取STRIDE-lite工作表。

2. Multi-tenant isolation

2. 多租户隔离

Isolation goals:
  • No cross-tenant read/write on data paths
  • Blast radius contained per tenant on compromise
  • Strong tenant ID in every authZ decision (never trust client-supplied tenant alone)
Patterns: row-level security, per-tenant keys, namespace isolation, dedicated cells for enterprise tier.
See 
references/multi_tenant_isolation.md
for patterns and test cases.
隔离目标:
  • 数据路径上无跨租户读写权限
  • 发生入侵时,影响范围限制在单个租户内
  • 每个授权决策都包含有效的租户ID(绝不单独信任客户端提供的租户信息)
常用模式:行级安全、租户专属密钥、命名空间隔离、企业级租户专属单元。
参考
references/multi_tenant_isolation.md
获取模式和测试用例。

3. Service and API security baselines

3. 服务与API安全基线

Every product service should default to:
  • Authenticated internal calls (mTLS or signed service tokens)
  • AuthZ at resource level, not only route level
  • Input validation and size limits on APIs
  • Structured audit logs for security-relevant actions
  • No secrets in images; workload identity for cloud APIs
See 
references/secure_service_defaults.md
for checklist and anti-patterns.
每个产品服务应默认配置:
  • 内部调用认证(mTLS或签名服务令牌)
  • 资源级授权,而非仅路由级授权
  • API输入验证及大小限制
  • 安全相关操作的结构化审计日志
  • 镜像中不存储密钥;使用工作负载身份访问云API
参考
references/secure_service_defaults.md
获取检查清单和反模式。

4. Customer data protection

4. 客户数据保护

ControlProduct infra angle
Encryption at restPer-tenant or per-table keys where required
Encryption in transitTLS everywhere; no TLS termination that exposes plaintext internally without justification
RetentionDeletion hooks for account closure
LoggingRedact PII in product logs; separate security audit stream
See 
references/customer_data_protection.md
for key hierarchy and deletion workflow.
控制措施产品基础设施视角
静态加密按需使用租户专属或表级密钥
传输加密全链路TLS;无正当理由不得在内部暴露明文的TLS终止
数据留存账号注销时的删除钩子
日志记录产品日志中脱敏PII;分离安全审计流
参考
references/customer_data_protection.md
获取密钥层级和删除工作流。

5. Abuse and resilience

5. 防滥用与韧性

  • Rate limits per tenant/user/IP on public and partner APIs
  • Idempotency and replay protection on sensitive mutations
  • Circuit breakers on dependency calls that handle tenant context
  • Quotas on expensive operations (exports, bulk API)
Align with defensive monitoring for anomaly signals.
  • 公共API和合作伙伴API按租户/用户/IP设置速率限制
  • 敏感操作的幂等性与重放保护
  • 处理租户上下文的依赖调用断路器
  • 高成本操作(导出、批量API)的配额限制
与防御性监控对齐,识别异常信号。

6. Security design review (product infra)

6. 安全设计评审(产品基础设施)

Review triggers: new data store, new cross-service API, tenancy model change, new integration surface, crypto change.
Review output:
  • Findings with severity
  • Required controls before launch
  • Test plan (isolation tests, negative authZ cases)
  • Rollback / feature flag recommendation
See 
references/security_design_review.md
for review template.
评审触发条件: 新增数据存储、新增跨服务API、租户模型变更、新增集成面、加密方案变更。
评审输出:
  • 带严重级别的发现项
  • 上线前需落实的控制措施
  • 测试计划(隔离测试、授权否定用例)
  • 回滚/功能标志建议
参考
references/security_design_review.md
获取评审模板。

7. Incident support (product scope)

7. 事件支持(产品范围)

When customer workloads are affected:
  1. Confirm blast radius (which tenants, regions)
  2. Preserve tenant-scoped logs and configs
  3. Coordinate containment without cross-tenant impact
  4. Post-incident: add regression test and detection
Hand off enterprise IR/comms to 
cybersecurity
when required.
当客户工作负载受影响时:
  1. 确认影响范围(涉及哪些租户、区域)
  2. 保留租户范围的日志和配置
  3. 协调遏制措施,避免影响其他租户
  4. 事后:添加回归测试和检测机制
必要时将企业级事件响应/沟通移交
cybersecurity
角色。

When to load references

何时调用参考文档

  • Threat modeling
    references/product_threat_model.md
  • Tenancy
    references/multi_tenant_isolation.md
  • Service baselines
    references/secure_service_defaults.md
  • Data and crypto
    references/customer_data_protection.md
  • Design reviews
    references/security_design_review.md
  • 威胁建模
    references/product_threat_model.md
  • 租户管理
    references/multi_tenant_isolation.md
  • 服务基线
    references/secure_service_defaults.md
  • 数据与加密
    references/customer_data_protection.md
  • 设计评审
    references/security_design_review.md