3+ years of experience in web application security, SSDLC, Threat Modeling.
5+ years crafting, implementing and supporting highly scalable backend applications.
Deep understanding of web application security threats, exploits, prevention, HTTP and REST APIs.
Strong experience with Java and the Java ecosystem.
Experience with NoSQL & technologies like Cassandra preferred.
Proficiency in networking concepts (firewalls, load balancers, etc).
Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc).
Ability to craft and establish secure coding patterns/standards across multiple code repositories.
Experience securing infrastructure in public clouds (e.g. AWS, Azure, Google Cloud) and in Kubernetes.
Familiar with tools and technologies used in penetration testing, vulnerability scanning, SAST and DAST.
Description
DescriptionAs a Security Engineer in the Infrastructure team, you will: Be designing, developing and deploying large scale services and platforms. Conducting security assessments, architecture reviews, threat modeling of the application stack, including applications built on cloud and emerging technologies. Design and develop platform level solutions to promote security related initiatives and improvements. Review source code for potential security issues, recommend and implement fixes. Providing specific risk assessment and remediation guidelines for developers and business owners. Believe in automation and tooling as a critical part of the software lifecycle. Document and disseminating security guidelines for common security issues, remediation guidance, and security baselines. Work with developers and team-mates to provide security guidance and mentor them as necessary. Actively promote improving the security culture and education within the organization. Be curious about how systems work and how they fail, design them to be sustainable in the face of failures. Have some cool war stories to tell from your past experience.
Education & Experience
Education & ExperienceBS in Computer Science, Mathematics, or EE, or relevant industry experience is required.
