Cyber Security Engineer

About The Position

Requirements

• 7+ years in security or IT roles.
• 3+ years of hands-on experience in cybersecurity engineering, product security, DevSecOps, or secure platform engineering.
• Strong understanding of common application security risks and mitigations (OWASP Top 10, secure coding patterns).
• Experience integrating security scanning into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps, etc.).
• Working knowledge of cloud security fundamentals (AWS, Azure, or GCP).
• Experience in at least one scripting/programming language (Python, Go, Java, JavaScript/TypeScript, or similar).
• Ability to communicate security risk clearly and pragmatically to engineering teams and technical leadership.

Nice To Haves

• Experience with container and Kubernetes security (image scanning, admission controls, runtime security).
• Familiarity with infrastructure-as-code tooling (Terraform, CloudFormation, ARM/Bicep).
• Experience with threat modeling methodologies (STRIDE, PASTA, or similar).
• Experience with SIEM, logging, and cloud-native monitoring (Splunk, Sentinel, ELK, CloudWatch, etc.).
• Exposure to software supply chain security practices (SBOM, signing, provenance, artifact integrity).
• Security certifications (nice-to-have, not required): Security+, AWS Security Specialty, CISSP, GIAC, , etc.

Responsibilities

• Secure SDLC / Product Security Enablement Partner with product engineering teams to embed security practices into the software development lifecycle, from design through deployment.
• Define and maintain security patterns for common platform components (APIs, services, identity, secrets, data storage).
• Provide actionable remediation guidance for engineering teams, aligned to business risk and delivery timelines.
• Vulnerability Management & Remediation Support Manage and triage findings across: SAST / SCA Container and artifact scanning Secret scanning DAST (where applicable) Malware Cloud security posture and configuration findings
• Drive consistent risk scoring, prioritization, and remediation tracking aligned to SLAs.
• Validate fixes through testing and evidence-driven verification.
• CI/CD Security & Automation Integrate security tooling and controls into CI/CD pipelines with a focus on automation and developer usability.
• Improve pipeline outcomes by reducing false positives and creating security guardrails that scale.
• Build automation and scripts for security testing, enforcement, metrics, and reporting.
• Cloud & Platform Security Assess and advise on security controls for: IAM and access policies Network segmentation and security groups Encryption and key management Logging and monitoring Support containerized and orchestrated environments (Kubernetes).
• Incident Support & Security Operations Collaboration Partner with security operations teams on incident response support for product-owned services.
• Assist in root cause analysis and drive remediation actions that prevent recurrence.
• Contribute to security standards, runbooks, and operational readiness.
• Security Standards & Governance Support Help define and maintain security requirements aligned to enterprise standards such as: NIST 800-53 / 800-171 ISO 27001/27002 CIS Benchmarks/STIG OWASP Top 10 GDPR EU CRA
• Support audit and compliance readiness by assisting with evidence generation and control validation for product environments.

Benefits

• Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
• Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
• Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.