Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical field, or equivalent professional experience.
• Five to seven years of experience in security engineering, with strong exposure to application security and enterprise security operations.
• Deep expertise in vulnerability management, including hands-on experience with platforms such as Rapid7 or Qualys.
• Strong knowledge of application security concepts, OWASP Top 10 vulnerabilities, secure coding practices, and DevSecOps principles.
• Proven experience with MITRE ATT&CK mapping for detection engineering, threat hunting, and incident response.
• Hands-on experience administering SIEM, EDR, SOAR, and IAM platforms, as well as securing cloud environments across AWS, Azure, or GCP.
• Proficiency in scripting and automation using tools such as Python or PowerShell to improve security efficiency and response.
• Excellent analytical, communication, and collaboration skills, with the ability to translate technical findings into clear remediation guidance for diverse audiences.

Nice To Haves

• Relevant security certifications such as CySA+, GSEC, CEH, AWS Security Specialty, or similar credentials are a strong plus.

Responsibilities

• Lead application security and vulnerability remediation efforts across development and infrastructure teams, ensuring findings are validated, prioritized, and resolved effectively.
• Administer and optimize SAST, DAST, and SCA tools, integrating them into CI/CD pipelines and ticketing systems to support secure development practices.
• Manage enterprise vulnerability management programs, including scanning strategies, risk-based prioritization, exception handling, and SLA tracking.
• Develop and maintain MITRE ATT&CK–mapped detection rules, hunting queries, and incident reports to improve threat visibility and response effectiveness.
• Administer and enhance SOAR platforms by building playbooks, automations, and integrations with SIEM, EDR, and case management tools.
• Act as a senior escalation point for security incidents, leading complex investigations and supporting incident response at Tier 2 and Tier 3 levels.
• Provide security engineering guidance for cloud, infrastructure, and application architecture, including WAF reviews, IAM configuration, and secure design reviews.
• Analyze threat intelligence, integrate threat feeds, and translate insights into actionable detections, policies, and security improvements.

Benefits

• Competitive salary aligned with experience and market standards.
• Flexible and generous paid time off, including paid volunteer days.
• Comprehensive healthcare coverage and wellness benefits.
• Employer-sponsored 401k plan with company match.
• Paid parental leave and family-friendly benefits based on tenure.
• Tuition reimbursement and support for continuous learning and certifications.
• Flexible work arrangements to support work-life balance.
• Inclusive, people-first culture with team events, recognition, and additional perks.