Senior Security Engineer

📋 Description

• Oversee security operations initiatives aimed at safeguarding modern software development pipelines, Continuous Integration/Continuous Deployment (CI/CD) platforms, and cloud-native DevOps environments.

• Collaborate with engineering and DevOps teams to integrate security measures into the Software Development Life Cycle (SDLC) utilizing Dev/SecOps best practices.

• Design, implement, and oversee security measures for source code repositories, build systems, artifact management platforms, and deployment pipelines.

• Perform threat modeling, risk assessments, application penetration testing, and security evaluations for in-house developed applications, APIs, and automation platforms.

• Create and uphold detection and response capabilities to address software supply chain threats, credential misuse, pipeline breaches, and cloud workload attacks.

• Administer vulnerability management processes for applications, containers, infrastructure-as-code, open-source dependencies, and CI/CD tools.

• Deploy automated security scanning tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) scanning, and container security solutions.

• Monitor security events across cloud platforms, developer tools, Software as a Service (SaaS) environments, and production systems utilizing SIEM/XDR technologies.

• Investigate and respond to security incidents involving applications, DevOps tools, cloud environments, and identity management platforms.

• Set security standards for AI/ML systems encompassing model governance, secure API usage, data protection, and responsible AI controls.

• Identify and mitigate emerging AI-related risks such as prompt injection, model exploitation, data leakage, shadow AI usage, and unauthorized automation.

• Assess, implement, and secure enterprise AI tools to enhance SecOps efficiency, threat detection, alert triage, and incident response processes.

• Develop automation scripts and workflows to optimize repetitive security operations tasks and enhance response times.

• Work closely with developers to swiftly address security issues while maintaining operational efficiency and release pace.

• Generate dashboards, metrics, and reports to assess security posture across DevOps pipelines, application environments, and AI platforms.

• Keep abreast of evolving threats related to software supply chain security, cloud platforms, DevOps ecosystems, and artificial intelligence technologies.

• Additional responsibilities as assigned.

⛳️ Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Software Engineering, or a related field is required; equivalent professional experience may be accepted.

• A minimum of 5 years of experience in Security Operations, Cybersecurity Engineering, DevSecOps, or similar information security roles.

• Practical experience in securing CI/CD pipelines, source code repositories, cloud environments, and contemporary software development platforms.

• Proficiency with security tools such as vulnerability management, SIEM, endpoint detection, SAST/DAST, container security, and Infrastructure as Code (IaC) scanning.

• Extensive knowledge of cloud platforms including Amazon Web Services (AWS), Microsoft Azure, or Google Cloud.

• Experience with automation or scripting in languages such as Python, PowerShell, Bash, or similar, with a preference for familiarity in securing or governing AI tools and platforms.

🏝️ Benefits

• A dynamic, entrepreneurial culture that emphasizes innovation.

• A flexible and autonomous working environment.

• A culture rooted in respect, learning, and excellence.

• Collaboration with experienced and highly skilled professionals as teammates.

• Opportunities for growth and travel.

• A team of change-makers making a meaningful impact on people and the planet.