Sr Security Engineer - Remote

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor's Degree or equivalent technical/business experience required.
  • 4-7 years of relevant work experience preferred, with 3+ years in a comparable security/testing role required.
  • Certifications such as CISSP, OSCP, OSCE, or CEH are highly desirable.
  • Proficiency in pen testing web applications and knowledge of scripting languages like Python, Bash, or Perl.

Key responsibilities:

  • Lead application security architecture and design reviews to mitigate security risks.
  • Conduct threat modeling, security assessments, and secure code reviews to identify vulnerabilities.
  • Participate in internal penetration testing and enhance security testing frameworks and methodologies.
  • Educate product teams on application security best practices and prepare detailed security reports.

Allscripts Large http://www.veradigm.com
5001 - 10000 Employees

Job description

Welcome to Veradigm, where our Mission is transforming health, insightfully. Join the Veradigm team and help solve many of today’s healthcare challenges being addressed by biopharma, health plans, healthcare providers, health technology partners, and the patients they serve. At Veradigm, our primary focus is on harnessing the power of research, analytics, and artificial intelligence (AI) to develop scalable data-driven solutions that bring significant value to all healthcare stakeholders. Together, we can transform healthcare and enable smarter care for millions of people.

Job Summary:

The Senior Security Engineer's primary role will be to lead application security architecture and design reviews, working closely with development teams to help mitigate application security risks. As part of this effort, the engineer will also contribute to the internal penetration testing program, leveraging offensive security techniques to assess application security. Ideal candidates will demonstrate an offensive mindset with the ability to recommend practical mitigation strategies and solutions.

 

What you will contribute:

  • Lead application security architecture and design reviews, ensuring security is embedded at every stage of software development.
  • Perform threat modeling, security assessments, and secure code reviews to identify vulnerabilities and provide actionable remediation guidance.
  • Conduct in-depth web application security testing, including manual and automated assessments, to identify vulnerabilities such as injection flaws, authentication weaknesses, and misconfigurations.
  • Participate in and enhance the internal penetration testing program, applying offensive security techniques and developing test plans to simulate real-world attacks.
  • Collaborate with development teams to integrate secure coding practices, security automation, and pipeline security into CI/CD workflows.
  • Develop and refine security testing frameworks, tools, and methodologies to improve assessment capabilities and automation.
  • Stay updated on emerging threats, vulnerabilities, and mitigation techniques, ensuring continuous improvement and adoption of new security practices.
  • Educate and train product teams on application security best practices and secure development principles.
  • Assist in forensic investigations to determine the source and impact of security breaches when necessary.
  • Prepare and present detailed security reports with risk analysis and remediation strategies, effectively communicating to both technical and non-technical stakeholders.
  • Contribute to the continuous improvement of the application security program, ensuring alignment with evolving security landscapes and business needs.

 

The ideal candidate will have:

  • Bachelor's Degree or equivalent Technical / Business experience Required
  • 4-7 years relevant work experience Preferred
  • 3+ years in a comparable security/testing role Required
  • CISSP, OSCP, OSCE, CEH, or other relevant certifications are highly desirable as well as the ability to obtain certifications, as needed.
  • Ability to navigate through compliance requirements and understand their impact on security assessments.
  • Proficiency in pen testing on web applications using Burp Suite and other security testing toolkits, with network and system pen testing experience being welcome but at a lower priority
  • Deep understanding of the software development lifecycle and the various stages/areas where vulnerabilities can be introduced, including:
    • Application attack surfaces such as UI/UX interfaces, API endpoints, IDE/source code management, third-party dependencies
    • Application design including authentication mechanisms, data encryption/transmission
    • Pipeline Security: CI/CD workflows, Infrastructure as Code (IaC)
  • Excellent verbal and written communication skills. Ability to explain complex security issues and risks to non-technical stakeholders.
  • Strong analytical and problem-solving skills with the ability to think like both an attacker and a defender.
  • Knowledge of scripting and programming languages like Python, Bash, or Perl to automate tasks and write custom exploits if necessary

Enhancing Lives and Building Careers

Veradigm believes in empowering our associates with the tools and flexibility to bring the best version of themselves to work and to further their professional development. Together, we are In the Network. Interested in learning more?

Take a look at our Culture, Benefits, Early Talent Program, and Additional Openings.

We strongly advocate that our associates receive all CDC recommended vaccinations in prevention of COVID-19.

Visa Sponsorship is not offered for this position.

At Veradigm, our greatest strength comes from bringing together talented people with diverse perspectives to support the needs of healthcare providers, life science companies, health plans, and the patients they serve. The Veradigm Network is a dynamic, open community of solutions, external partners, and cutting-edge artificial intelligence technologies that provide advanced insights, technology, and data-driven solutions. Veradigm offers a comprehensive compensation and benefits package, including holidays, vacation, medical, dental, and vision insurance, company paid life insurance and retirement savings.

Veradigm’s policy is to provide equal employment opportunity and affirmative action in all of its employment practices without regard to race, color, religion, sex, national origin, ancestry, marital status, protected veteran status, age, individuals with disabilities, sexual orientation or gender identity or expression or any other legally protected category. Applicants for North American based positions with Veradigm must be legally authorized to work in the United States or Canada. Verification of employment eligibility will be required as a condition of hire. Veradigm is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce.

From a "VEVRAA Federal Contractor" We request Priority Referral of Protected Veterans

This is an official Veradigm Job posting. To avoid identity theft, please only consider applying to jobs posted on our official corporate site.

Thank you for reviewing this Veradigm opportunity. Does this look like a great match for your skill set? If so, scroll on down and tell us more about yourself!

 

Required profile

Spoken language(s):
English

Other Skills

  • Problem Solving
  • Communication
  • Analytical Skills
