Senior Security Engineer

About The Position

Requirements

• Technical Proficiency: Highly skilled in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
• SIEM & Monitoring: Expertise in managing SIEM solutions with a focus on comprehensive, efficient alerting that reduces "noise."
• Cloud & Containers: Strong knowledge of Docker and Kubernetes, with hands-on experience in automated container vulnerability management.
• Security Testing: Mastery of SAST, DAST, and IAST tools, with the ability to perform manual validation testing to confirm findings.
• Security Principles: Deep knowledge of the OWASP Top 10, Mitre Top 25, and secure coding practices.
• Analytical Problem Solving: Ability to assess complex, ambiguous situations to identify root causes and provide thoughtful input on difficult security topics.
• Communication: A track record of earning credibility with peers through clear, direct communication and a passion for mentoring others.
• Compliance & Frameworks: Experience working with cloud security concepts and compliance frameworks such as SOC 2 and PCI.

Responsibilities

• Threat Detection & SIEM Ownership: Own the configuration, tuning, and management of our SIEM solution. You will diagnose unusual threats through sophisticated analysis and develop the alerts needed to respond to security incidents across multiple layers.
• Security Analysis & Reviews: Perform architecture reviews, code reviews, and infrastructure configuration reviews. You will conduct light penetration testing on web and mobile apps, identifying root causes of vulnerabilities and resolving them using creative problem-solving.
• Vulnerability Management: Maintain and optimize a vulnerability management CI/CD pipeline within our container/application delivery infrastructure. You will adapt proven methods to align security goals with business objectives, even when guidance is light.
• Cross-Functional Collaboration: Partner with development and infrastructure teams to enforce secure coding practices and remediation strategies. You will adapt your messaging across teams to reduce misalignment and move security work forward.
• Implementation & Tooling: Build and maintain the frameworks and tooling for enterprise security, ensuring that security guidelines are clear and actionable for the broader engineering organization.
• Incident Response: Play a key role in incident response and forensic investigations. You will weigh context and data thoughtfully to make smart decisions during high-pressure situations.
• Security Advocacy: Stay current on the latest threats and provide direct, clear guidance to development teams. You will help develop security training to empower your peers and improve the team’s overall security posture.

Benefits

• Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
• Benefits: Check out our full list at engine.com/culture.
• Environments for Success: Different roles have different needs in terms of the environments that drive success which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.