Staff Security Operations Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Collaborate with engineering teams to perform threat modeling and security assessments on new features and architectural modifications.

• Develop and enhance Apollo's application security program, which includes SAST/DAST tooling, dependency scanning, and secure coding practices.

• Integrate security requirements into the SDLC, incorporating security checkpoints within CI/CD pipelines.

• Identify and address vulnerabilities in Apollo's products and APIs, prioritizing a reduction in systemic risk over isolated fixes.

• Serve as a security consultant for product teams creating customer-oriented features, especially those related to authentication, authorization, and data management.

• Progress Apollo’s detection and response strategy in collaboration with engineering and IT leadership.

• Implement and ensure compliance with SOC 2 and other cloud security standards.

• Manage escalations from Sales and Customer Success teams.

• Construct and refine monitoring, logging, and alerting systems to enhance visibility while minimizing unnecessary alerts.

• Propel the automation of SecOps workflows to expedite investigations and responses.

• Guide the secure integration of AI within Apollo, from internal applications by engineers to AI-enabled product features.

• Participate in our on-call rotation (we maintain a lightweight and manageable schedule).

⛳️ Requirements

• Over 6 years of experience in security engineering, encompassing both application security and security operations.

• Robust foundation in application security: threat modeling, SAST/DAST, dependency management, and secure SDLC methodologies.

• Extensive knowledge of detection and response in cloud-native settings.

• Experience in developing and automating security tools (scripting/programming languages, SIEM, SOAR, or AppSec tools).

• Demonstrated ability to work alongside engineering teams to enhance security posture while minimizing impacts on delivery schedules.

• Proven track record of fostering a security-minded culture within an engineering organization.

• In-depth understanding of SOC 2, ISO 27001, or equivalent security frameworks.

• Demonstrated capability to lead or coordinate incident response efforts across various teams.

• History of positively influencing operational security culture and practices without direct authority.

🏝️ Benefits

• Health insurance

• Dental and Vision benefits

• 401(k)

• Flexible working hours

• Professional development opportunities