Senior Security Engineer II

Recruiter
Signifyd
Location
San Jose
Salary
Competitive
Posted
26 Sep 2024
Closes
24 Oct 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Permanent
Hours
Full Time

The Security Engineer at Signifyd assists cybersecurity operations and vulnerability management across the organization. This role works with other security engineers and analysts on the team by contributing integrations, implementations, and reviews with our security systems. They setup, configure, and use these solutions to identify threats and vulnerabilities within our networks and applications then cross coordinate with other departments to ensure timely remediation. The Security Engineer reports to the Director, Head of Information Security and Compliance while supporting the Security Risk Manager with auditable evidence of control effectiveness.

Responsibilities

You will perform the following responsibilities alongside other members of the information security team:

  • Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);
  • Triage security operations center (SOC) alerts as the Level II/III escalation support;
  • Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;
  • Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;
  • Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;
  • Perform internal security testing, assessments, and triaging of alerts from security tooling;
  • Conduct secure code reviews, secure design reviews, and threat modeling activities;
  • Support GRC activities through control evidence collection;
  • Contribute to operational support activities for all security capabilities, including preparing self–service operational support documentation for developers and project teams, responding to internal support chat groups;
  • Contribute to the design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;
  • Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.

Requirements

  • Ability to automate or develop basic tasks in at least one programming language such as Java, JavaScript, or Python;
  • Professional certifications such as WAPT, PPT, OSCP, etc., and/or a computer science degree;
  • 1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;
  • Experience working with cloud technologies such as AWS, GCP, Azure, Docker/Kubernetes.