Senior Security Engineer

The Knot Worldwide, New York, NY
Hybrid

About The Position

The Knot Worldwide is seeking a highly skilled and experienced Senior Security Engineer with a background in full-stack development (both front-end and back-end) to join our growing security team. This unique hybrid role blends security engineering with deep development knowledge to enhance application and infrastructure security, build internal tooling, automate threat detection and response processes, and collaborate with global product and engineering teams across TheKnot to embed secure development practices across the SDLC.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
  • 3–7+ years of experience in full-stack software development.
  • 2+ years of experience in application or infrastructure security engineering.
  • Proficiency in at least one modern front-end framework (e.g., React, Angular, Vue.js).
  • Experience with back-end development in languages such as Python, Node.js, Java, or .NET.
  • Familiarity with OWASP Top 10, secure design principles, and threat modeling.
  • Hands-on experience with CI/CD tools (GitHub Actions, Jenkins, GitLab CI) and securing DevOps pipelines.
  • Experience with container security (Docker, Kubernetes) and IaC tools (Terraform, CloudFormation).
  • Solid knowledge of authentication standards (OAuth2, SAML, JWT) and session management.

Nice To Haves

  • Experience with penetration testing or ethical hacking (OSCP, CEH, or similar a plus).
  • Certifications such as CSSLP, CISSP, or GIAC GWAPT are a plus.
  • Familiarity with security platforms such as Snyk, Veracode, SonarQube, Burp Suite, etc.
  • Experience integrating with enterprise IAM and zero trust architectures.
  • Familiarity with agile and DevSecOps methodologies.
  • Contributions to open-source security projects or developer communities.

Responsibilities

  • Application Security
      • Conduct threat modeling, code reviews, and penetration testing for in-house applications.
      • Integrate static (SAST), dynamic (DAST), and software composition analysis (SCA) tools into CI/CD pipelines.
      • Provide secure design and coding guidance to development teams (DevSecOps support).
      • Develop and maintain secure coding standards and best practices.
      • Work with development teams across the globe to implement secure coding best practices.
  • Full Stack Security Engineering
      • Analyze and secure web applications from both client-side (e.g., React, Angular) and server-side (e.g., Node.js, Python, Java, .NET) threats.
      • Design and implement security features (in QA environments) and controls for enterprise applications and APIs.
      • Develop internal security tools and dashboards using modern front-end and back-end frameworks.
  • Infrastructure & Cloud Security
      • Collaborate with DevOps and Cloud teams to secure cloud-native workloads (AWS, Azure, or GCP).
      • Automate detection and remediation of misconfigurations using Infrastructure as Code (IaC) and security orchestration.
      • Monitor and respond to vulnerabilities and threats in deployed applications and containers.
  • Security Operations Support
      • Build or integrate with SIEM/SOAR systems to monitor applications for anomalies and abuse.
      • Contribute to the design of automated response playbooks for web application and API threats.
      • Participate in incident response efforts involving application-layer or code-related incidents.
      • Establish a dashboard in the SIEM to maintain dynamic metrics on threat blocking.
  • Incident Response
      • Log analysis and forensics.
      • Coordinate with development teams to address active incidents and application incidents.

Benefits

  • We offer flexible vacation, generous parental leave, and prioritize initiatives that support the growth, development, and happiness of our people.