Staff Platform Security Engineer

About The Position

Requirements

• Application Security Expertise: Deep expertise in identifying and mitigating security vulnerabilities within applications (e.g., OWASP Top 10), particularly in Java codebases.
• Secure SDLC: Extensive experience integrating security into the software development lifecycle, from design and code review to testing and deployment.
• Java Proficiency: Senior-level experience with Java codebases: building, running, profiling, and optimizing Java applications in secure environments.
• Container Security: Strong experience with Docker image creation, optimization, and vulnerability mitigation, specifically for applications.
• CI/CD & Automation: Proficiency with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions) and experience integrating security tools into automated pipelines.
• Tooling Familiarity: Familiarity with a range of security tools for CI/CD security, static analysis (SAST), dynamic analysis (DAST), dependency analysis (SCA), and secrets management.
• Adversarial AI & Defense: Familiarity with modern attack techniques, offensive security methodologies, and defense strategies, including OWASP Top 10 for LLMs (e.g., Prompt Injection, Data Poisoning, and Model Inversion).
• Scripting: Proficiency in scripting or programming languages (e.g., Bash, Python, Go) to automate security processes and tool integration.
• Problem-Solving: Excellent problem-solving and troubleshooting skills, with the ability to work independently in fast-paced environments.
• Communication: Strong communication skills with the ability to effectively collaborate with and educate engineering teams on security principles and best practices.
• Curiosity & Urgency: Demonstrates strong curiosity, a sense of urgency, and a hands-on approach to diving deep into complex technical problems to drive timely and effective solutions.

Responsibilities

• Collaborate with engineering teams to integrate and manage security tooling within the SDLC, strategically automating security checks and feedback loops to enhance efficiency and security posture
• Perform vulnerability scanning and participate in penetration testing exercises, automating scanning processes judiciously to identify common weaknesses, while reserving manual efforts for complex and nuanced assessments. Report findings and assist with remediation efforts.
• Develop and maintain automation scripts and infrastructure-as-code for security checks related to machine configurations, container images, IAM policies, firewall rules, and cloud storage policies.
• Implement and configure security controls within enterprise applications based on security best practices and architectural guidance.
• Contribute to threat modeling efforts by providing technical insights and implementing identified security controls.
• Work directly with engineering teams to troubleshoot and resolve security challenges across the stack while promoting a security-first mindset, identifying and automating recurring troubleshooting steps or remediation processes where it significantly improves response times and reduces manual intervention.
• Implement and operationalize security solutions for cloud-native and hybrid infrastructure based on architectural guidelines.
• Collaborate with infrastructure and cloud security teams to implement and maintain security controls across the entire technology stack, strategically prioritizing automation for consistent enforcement, monitoring, and alerting to improve overall security and reduce manual overhead.
• Implement and manage security assessment tools, including vulnerability scanners, SIEM agents, DLP endpoints, and EDR sensors.
• Participate in security assessment reviews by providing practical implementation feedback and identifying potential operational challenges.
• Develop and maintain scripts and tools to automate security monitoring and alerting.
• Stay up to date with cybersecurity threats and trends, applying this knowledge to improve implemented security controls and operational processes.

Benefits

• 100% employer-paid medical insurance
• Generous paid time-off policy (PTO), plus paid sick time, inclusive parental leave policy, holidays, and volunteer days off
• RSU stock grants
• Professional development and training opportunities
• Company virtual happy hours, free food, and fun team-building activities
• Monthly cell phone stipend
• Access to an innovative mental health support platform that offers personalized care and resources in areas such as: therapy, coaching, and self-guided mindfulness exercises for all covered employees and their covered dependents.