Security Engineer

About The Position

Requirements

• 3+ years of demonstrated experience in systems (On-Prem, Hybrid, and Cloud) and application security, including infrastructure hardening and secure software development using security frameworks and best practice methodologies
• 3+ years of demonstrated security engineering within complex AWS environments as a primary focus
• 3+ years of demonstrated knowledge in common web application and infrastructure vulnerability detection, mitigation, remediation, and reporting with related security / penetration testing tools
• 2+ years of experience with EDR, Zero-Trust, Email, and SIEM security toolset deployment with Crowdstrike as a focus
• 2+ years working with a Security Operations Center internal and external
• 2+ years with securing virtual servers / services, CI/CD Pipelines (Github / GitHub Actions / GitHub Advanced Security), and microservices environments (including serverless) via Infrastructure as Code deployment methods (Terraform)
• Attention to detail and a commitment to delivering high-quality, secure applications, systems, and platforms
• Keeping current with information security news and provide updates to the team and business as needed

Nice To Haves

• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ / Pro
• Security Engineering and Administration within Azure / GCP environments.
• Cloudflare-based networking security and administration.
• Demonstrated experience with AI security and best practices
• Familiarity with secure coding practices in languages (including JavaScript, Node, C#, SQL) and DevSecOps practices such as SAST and DAST scanning.
• Possesses a solid understanding of authentication and authorization mechanisms and best practices (OAuth, SSO, SAML, JWT, MFA, Zero Trust with Okta and Zscaler as focuses)
• Strong analytical and problem-solving skills within a team environment
• Excellent communication skills, both written and verbal, including the ability to clearly articulate security risks to non-technical stakeholders
• Experience with weekly security communications and presentations to leadership

Responsibilities

• Security Assessment & Testing: Participate in regular security assessments of applications and systems, including static and dynamic analysis, penetration testing, and code reviews, to identify and mitigate vulnerabilities
• Security Integration in SDLC: Collaborate with development and product teams to integrate security measures throughout the software development lifecycle (SDLC), from design to production
• Vulnerability Management: Help identify, prioritize, and track security vulnerabilities; provide remediation recommendations, such as patching or secure coding fixes. Monitor threat intelligence feeds and assist in applying relevant protections.
• Threat Modeling: Work with development teams to perform threat modeling and risk assessments for new applications and features to identify potential security issues early in the development process to protect our systems, data, and users from advanced persistent threats
• Security Tooling & Automation: Assist in implementing and maintaining security tools and automation to detect vulnerabilities and monitor security posture.
• Incident Response & Investigation: Respond to security incidents and application breaches, conducting root cause analysis and guiding corrective measures to prevent future incidents
• Security Documentation & Reporting: Document security findings, communicate risks to relevant stakeholders, and generate reports for leadership on the status of application security across the organization
• Compliance & Best Practices: Support compliance with standards (ISO, NIST, OWASP, PCI-DSS, GDPR, and others as applicable) and contribute to security guidelines.
• Training & Awareness: Share secure coding practices, threat awareness, and vulnerability mitigation techniques with development teams.
• Vendor Risk Assessments: Understand, measure, and mitigate security and other risks that come with relying on external vendors.

Benefits

• Remote or hybrid work options
• Monthly Wellness Reimbursements
• Home office Reimbursements
• Company paid meal delivery pass
• 100% Paid Health and Dental available
• 401(k) matching, no vesting
• Stock Options
• Pet Insurance
• Dog-friendly downtown office