Senior Security Engineer

This is a fully remote position, open to applicants in California.

📋 Description

• Implement, maintain, and enhance security controls across AWS environments.

• Facilitate secure configurations for IAM, logging, monitoring, networking, and cloud services.

• Manage and enhance vulnerability management processes for infrastructure, applications, containers, and dependencies.

• Assess security findings, assign responsibilities, track remediation efforts, and collaborate with engineering teams to ensure closure.

• Support security workflows for SAST, SCA, DAST, SBOM, and container security using tools such as Snyk and AWS-native services.

• Assist in integrating security checks into CI/CD pipelines and development workflows.

• Monitor the remediation of penetration testing findings and confirm the resolution of high-priority issues.

• Aid in the implementation of NIST 800-171 controls, evidence collection, and preparation for audits.

• Keep precise documentation of security controls, risks, exceptions, and remediation progress.

• Facilitate enterprise-grade security monitoring and incident response by utilizing centralized logging, alerting, and detection capabilities to identify, investigate, and act on security events across the environment.

• Support security monitoring, alert triage, investigation, and incident response initiatives.

• Collaborate with Engineering, Platform, and IT teams to enhance security processes without introducing unnecessary friction.

• Contribute to the establishment of repeatable DevSecOps practices across teams.

⛳️ Requirements

• Over 5 years of experience in security engineering, cloud security, application security, DevSecOps, or similar roles.

• Extensive hands-on experience with AWS security concepts and services.

• Proficient in IAM, logging, monitoring, networking, and best practices for cloud security.

• Experience with vulnerability management processes and tracking remediation efforts.

• Familiarity with application security tools including SAST, SCA, DAST, SBOM, and container scanning.

• Experience with CI/CD pipelines and secure software delivery methodologies.

• Background in enterprise security monitoring and incident response, including centralized logging, alerting, and investigation of security incidents.

• Capability to work directly with engineering teams to address security findings.

• Strong skills in documentation, tracking, and follow-through.

• Highly self-motivated, pragmatic, and capable of thriving in a fast-paced startup environment.

• Excellent team player with a proven track record of taking ownership and driving execution.

• Familiarity with NIST 800-171 or related security/compliance frameworks is advantageous.

🏝️ Benefits

• Health insurance: Medical, Vision, Dental

• Flexible time off

• Maternity, Paternity & Parental Leave

• 401K Matching