Staff Security Engineer

About The Position

Requirements

• Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
• Expertise in implementing and managing SIEM solutions with comprehensive and efficient alerting and monitoring capabilities.
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and experience with automated container vulnerability management.
• Mastered static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfortable with manual validation testing.
• Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the Mitre Top 25.
• Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
• Experience with Web Application Firewalls (WAF).
• Experience with cloud security concepts and best practices.
• Experience working with compliance frameworks such as SOC 2 and PCI.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with cross-functional engineering leadership, including developers, operations, and fraud teams.
• A passion for mentoring others.

Responsibilities

• Develop and manage threat detection capabilities, including configuring, tuning, and managing a SIEM solution to identify, analyze, and respond to security threats across multiple layers.
• Perform architecture reviews, code reviews, infrastructure config reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify and resolve vulnerabilities and other security risks.
• Maintain a vulnerability management CI/CD pipeline within our existing container/application delivery infrastructure while aligning security goals with business objectives.
• Collaborate with development and infrastructure leadership to enforce secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
• Strategize and implement secure architectures, frameworks, and tooling for enterprise security.
• Develop and maintain security guidelines for managing and deploying security tools.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
• Participate in incident response and forensic investigations related to application security breaches or incidents.
• Develop relevant security training and awareness programs for developers, operations teams, and other stakeholders.

Benefits

• Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
• Check out our full list at engine.com/culture.
• Different roles have different needs in terms of the environments that drive success which is why we have a hybrid-hub model.