Senior Security Engineer 3 – Product & Application Security
| Company | PagerDuty |
|---|---|
| Location | Toronto, ON, Canada |
| Salary | $139000 – $207000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Mid Level, Senior |

Requirements
- Proficiency with Application & Product Security typically associated with 4 – 5 years of experience in a Security Engineering role working with a cloud-native, microservices environment, preferably AWS.
- Familiarity with cloud-native product technologies including:
  - Vulnerability detection via multiple approaches including SAST, DAST, SCA, and runtime (e.g., Qualys/Nessus, Wiz, Snyk, GHAS, Semgrep, etc.)
  - CI/CD technologies and integrations (e.g., CircleCI, Buildkite, Helm, Terraform, Chef)
  - Product security event logging standards and analysis tools (e.g., SIEM such as: SumoLogic, LogRhythm, or Splunk, etc.)
  - Security Incident Response & Risk Management processes and tools
- Proficiency in at least one programming language and framework (e.g. Python, Bash, Phoenix/Elixir, Java, Ruby on Rails), typically associated with 3 – 4 years of experience with the language/framework.
- Exceptional written, oral communication, and interpersonal skills.
- Organizational skills with the ability to successfully manage multiple priorities and deadlines.
Responsibilities
- Embrace the role of hands-on technical lead in defining product security standards and guiding platform protections.
- Establish criteria and conduct comprehensive security reviews throughout all stages of product development to identify and address security risks.
- Perform regular threat assessments, coordinate with third-party testers for penetration testing, and conduct internal penetration testing to identify and mitigate security risks.
- Mentor and guide team members to ensure product and business objectives are prioritized in project implementations, fostering a strong documentation culture with project charters and design documents.
- Work with loosely defined requirements where you exercise your analytical skills to clarify questions, share your approach, and collaborate with the team to design and implement effective security frameworks. Maintain a strong appetite for challenging problems with a high degree of ownership.
- Participate in the team’s On-Call rotation, triaging and addressing security issues as they arise, and implement measures to prevent future occurrences.
- Enable service team security implementations by developing security-as-code constructs, including infrastructure-as-code (IaC) modules, libraries and frontend components, while creating and maintaining developer-focused documentation to promote easy adoption.
- Establish and uphold baseline standards and hardened configurations for platform components.
- Continuously enhance security frameworks by focusing on product security standards and software supply chain protections, tailored for application security in cloud-native, microservices environments.
Preferred Qualifications
- Ability to analyze complex problems, develop solutions under guidance, and assist in implementing these solutions with a growing set of change management skills.
- Possesses a strong sense of ownership and a keen discernment for excellence in securing systems within a SaaS environment, demonstrating the ability to distinguish what constitutes truly robust and effective product security.
- Current or past experience with obtaining and maintaining FedRAMP authorization.
- Experience working at a SaaS company larger than 1000 employees and $100M in revenue.
- Familiarity with Cloud Infrastructure security (such as AWS GuardDuty, AWS CloudTrail, AWS Secrets Manager, AWS IAM & Identity Center, AWS Control Tower, Azure Security Center, Microsoft Defender for Cloud, etc.)
- Familiarity with Container Security (e.g., Kubernetes, EKS, AKS, service mesh, baseline/benchmark hardening, identity and secrets orchestration, etc.)
- Demonstrated history of mentoring and coaching.