Sr. Security Engineer - Product & Apps
To see similar active jobs please follow this link: Remote System Administration jobs
About the Role:
As a Senior Security Engineer, you will be a thought leader in the Security Team focused on helping design, implement, and mature innovative and cutting-edge security capabilities. Senior Security Engineer ensures defense-in-depth, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs, and is also expected to help solve a wide range of security challenges. The Senior Security Engineer is part of a highly collaborative security program and an engineering culture-driven technology organization.
You Will:
Ownership of security scanning complex (SAST, SCA, DAST, etc.)
Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering, and product organization
Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices
Ensure information security and regulatory requirements are effectively integrated into new or improved systems
Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity, access management, and data security
Establish credibility among technology experts as the subject matter expert across security disciplines
Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
Analyze technical risks of existing systems and applications against correlating policies and risks, and provide appropriate remediation or risk reduction plans
Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises
Define, publish, and implement Security Standards / Frameworks
Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.
Mentor and guide engineering teams on security best practices
Serve as a champion for secure SDLC and secure cloud adoption
Threat modeling, end-to-end security evaluation
You Have:
Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience
8+ years of relevant technical experience
5+ years of security experience
Prior experience with Mobile and API security
Deep understanding of the Twelve-Factor App methodology
Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program
Prior experience in the healthcare industry including a strong understanding of HIPAA Privacy and Security Rules preferred
Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred
Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques
Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2
CISSP, CCSP, and AWS Cloud certification desirable
Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices
Our Benefits (there are more but here are some highlights):
Competitive salary & equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
Employee discounts on hims & hers & Apostrophe online products
401k benefits with employer matching contribution
Offsite team retreats
#LI-Remote
About the job
Sr. Security Engineer - Product & Apps
To see similar active jobs please follow this link: Remote System Administration jobs
About the Role:
As a Senior Security Engineer, you will be a thought leader in the Security Team focused on helping design, implement, and mature innovative and cutting-edge security capabilities. Senior Security Engineer ensures defense-in-depth, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs, and is also expected to help solve a wide range of security challenges. The Senior Security Engineer is part of a highly collaborative security program and an engineering culture-driven technology organization.
You Will:
Ownership of security scanning complex (SAST, SCA, DAST, etc.)
Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering, and product organization
Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices
Ensure information security and regulatory requirements are effectively integrated into new or improved systems
Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity, access management, and data security
Establish credibility among technology experts as the subject matter expert across security disciplines
Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
Analyze technical risks of existing systems and applications against correlating policies and risks, and provide appropriate remediation or risk reduction plans
Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises
Define, publish, and implement Security Standards / Frameworks
Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.
Mentor and guide engineering teams on security best practices
Serve as a champion for secure SDLC and secure cloud adoption
Threat modeling, end-to-end security evaluation
You Have:
Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience
8+ years of relevant technical experience
5+ years of security experience
Prior experience with Mobile and API security
Deep understanding of the Twelve-Factor App methodology
Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program
Prior experience in the healthcare industry including a strong understanding of HIPAA Privacy and Security Rules preferred
Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred
Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques
Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2
CISSP, CCSP, and AWS Cloud certification desirable
Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices
Our Benefits (there are more but here are some highlights):
Competitive salary & equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
Employee discounts on hims & hers & Apostrophe online products
401k benefits with employer matching contribution
Offsite team retreats
#LI-Remote