Senior Security Engineer - Remote, US
Pager is looking for a Senior Security Engineer to join our growing team. To be our first engineer for the security team that has close contact with the engineering team on security items: secure coding, SDLC efforts, code/architecture reviews, project security reviews, penetration testing, and application scanning processes. An engineer that has a strong technical understanding of web applications, backend services, penetration techniques and methodologies.
We are looking for a candidate that can bring the best of current industry knowledge and work at Pager to advance our security posture. We see this role as a mid-level position with lots of potential for growth.
You are a good fit if:
- Understanding of SecOps principles, tools, and their application for Cloud-Native Applications including Terraform, Kubernetes, Docker
- You have a strong foundation on best-practices related to coding and software engineering in general.
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols for Google Cloud Platform and Amazon Web Services.
- Understanding of the latest security principles, techniques, and protocols for cloud-based security management, IDS, IPS, SIEM, DLP, OWASP, and NIST framework.
- Experience with network security and networking technologies and with system, security, and network monitoring tools.
- You have a strong background in automation tools, containerized software development, and computer networking.
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
- Experience in regulated industries such as Healthcare, FinTech, or Defense (e.g. HITRUST, SOC, HIPAA)
- Penetration testing experience
- Knowledge of authentication mechanisms like SAML, OAuth, etc.
- You have 6+ years of security engineering specific experience
- BA/BS degree or higher, preferably in a technical field (Computer Science, IT, etc) or equivalent practical experience
Nice to Have skills/experience:
- CompTIA Security+, Certified Ethical Hacker, CISSP, or a relevant certification
- Experience working with/on external 3rd party audit team (architecture reviews)
- Practical knowledge of normalizing multiple log types
- Hands on experience with Bug Bounty programs
What you will be doing:
- Contributing security-focused feedback to engineers during all phases of the development lifecycle.
- Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities.
- Maintaining secure development practices and programs for our engineering teams
- Advising teams across the organization (infrastructure, application engineering, analytics, etc.) to ensure the security, availability and confidentiality of our infrastructure.
- Stay up to date with the latest application security developments and security trends to continually improve internal processes