Job Title – Security Engineer III
Duration – 1 Year
Location – Seattle, New York, San Francisco, Sunnyvale - Hybrid. 50% in office. Tue/Thu every week, Wed every 2 weeks
About the Role
In this role, you will provide security- and privacy-specific corrective guidance to engineers, author security-related feature requests against products, build security- and privacy-enhancing tools, and own technical interfacing for related remediation efforts. This is a fantastic opportunity for an experienced security engineer who is knowledgeable in multiple security domains to play a central role in shifting security left and make a cross-cutting strategic impact on the security of our next-gen systems and services!
Key Responsibilities
- Perform multi-disciplinary security and privacy design reviews of engineering design proposals while considering aspects of application security, cloud security, infrastructure security, and data-layer security.
- Draw design inferences on our product designs, taking into consideration trade-off decisions to drive improvements in the overall security and privacy posture of our products and services.
- Be a subject matter expert and ambassador to core Engineering in the areas of security and privacy by design
- Conduct full security assessments of products that may include architectural review, threat modeling, and web and mobile app assessments.
- Train and support Engineering Security Ambassador Program
- Collaborate with cross-functional engineering teams to ensure security requirements are integrated from the outset of each project
Minimum Qualifications
- Bachelor's in Computer Science, Engineering or a related field, or equivalent work experience as a software engineering or security practitioner.
- 3+ years overall of application security & security architecture experience
- Good knowledge of APIs (REST, GraphQL, SOAP/XML, gRPC) and microservice architecture
- Familiarity with OWASP Standards (Web, API, LLM, Mobile)
- Possess a broad knowledge of threat modeling such as STRIDE and the associated design patterns to correct and/or mitigate security attacks and threats
- Experience working with in-house engineering organizations and the S-SDLC and CI/CD software lifecycle.
- Familiarity with the security architecture of one or more of the following public cloud providers: AWS, Azure, GCP, OCI
- Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to solve complex technical controls problems in our product suite.
- Ability to think like an attacker in order to identify security gaps
Preferred Qualifications
- Background in Penetration Testing or Red Teaming
- CISSP certification or equivalent knowledge
- Ability to read code and use code to automate processes
- Familiarity with Jira and ideally Jira automation
- Experience with one of: Go, Java, Python, NodeJS
- Experience with RDBMS and non-RDBMS (NoSQL) data store technologies such as PostgreSQL, MySQL, Hadoop, GCP BigQuery, AWS RDS & DynamoDB, GraphQL, and more.
- Experience with Identity-aware proxy and HTTP routing technologies.
- Familiarity with privacy and security compliance standards such as GDPR, HIPAA, PCI-DSS and how they guide or affect secure systems design
- Knowledge or willingness to acquire skills around AI/LLM/ML Security