Sr Security Developer- Drupal

We are seeking an experienced Software Development Coach to mentor and guide our engineering teams in improving code quality, security, and overall development practices. The role involves conducting code reviews and audits, performing security scans, advising on the selection of open source libraries, creating educational materials and conducting training sessions on secure coding, and staying up-to-date on industry best practices. The ideal candidate should have deep expertise in secure coding practices, automated scanning tools, and DevSecOps workflows, as well as excellent communication skills to effectively mentor teams and align on priorities.

• Perform code reviews and audits to identify potential vulnerabilities, bugs, unused code, and other issues
• Conduct security scans using Snyk, Invicti, and other tools to detect vulnerabilities
• Work closely with developers to remediate findings from scans and reviews
• Advise on selection of open source libraries/modules; evaluate options for security, maintenance, performance
• Create educational materials and conduct training sessions focused on secure coding, threat modelling, DevSecOps
• Stay up-to-date on languages, frameworks, tools, and best practices
• Collaborate with the Security team to ensure the remediation of vulnerabilities
• Spot-check code quality through regular reviews and provide improvement recommendations
• Monitor open source projects used and alert teams to vulnerabilities needing an upgrade

• 5+ years experience in software development, specifically in Drupal
• Deep expertise in secure coding practices and automated scanning tools
• Experience implementing and advising on DevSecOps workflows
• Excellent communication skills, able to mentor teams and align on priorities

• Collaborate with the Security team
• Ensure remediation of vulnerabilities
• Spot-check code quality
• Provide improvement recommendations
• Monitor open source projects for vulnerabilities
• 5+ years experience in software development (Drupal)
• Deep expertise in secure coding practices and automated scanning tools
• Experience implementing and advising on DevSecOps workflows
• Excellent communication skills
• Able to mentor teams and align on priorities
• Passion for security and building high-quality, resilient software
• Familiarity with core technology stack (a plus)
• Relevant security certifications (CISSP, CEH)
• Comprehensive expertise with cloud platforms (AWS, Azure, Google Cloud) and their security paradigms
• Familiarity with containerized environments and their unique security challenges