Security Engineer IV
Indexed description
About The Role
As a Security Engineer 4, your role is integral in ensuring the security of our products throughout their development lifecycle. You will be involved from the very beginning, participating in threat modeling and design reviews to identify potential risks early. You'll also integrate and manage SAST tools within our CI/CD pipeline, ensuring continuous security testing as code evolves. Additionally, you'll lead and conduct vulnerability assessments and penetration testing (VAPT) to proactively uncover and address security vulnerabilities before they reach production.
What You Will Do
- Lead and manage all aspects of the Secure Software Development Lifecycle (SDLC).
- Implement and manage security tools within the CI/CD pipeline (DevSecOps).
- Conduct and oversee VAPT for web applications, APIs, iOS, and Android apps.
- Perform threat modeling, design, and architecture reviews to identify potential risks.
- Execute manual source code reviews and enhance security in production environments.
- Manage and optimize a self-managed bug bounty program.
- Provide security architectural guidance to Engineering and IT teams.
- Manage issues identified from penetration tests and bug bounty programs.
- Lead security training and awareness campaigns across the organization.
- Manage Web Application Firewalls (WAF) to ensure robust protection.
- Engage in the Security Champions program to integrate security practices within teams.
- Assist in creating and maintaining Security Risk Models for both new and existing systems.
- 7+ years of experience in product security, with a focus on application security and Dev SecOps.
- Proven experience in leading architectural changes or cross-team efforts to mitigate security vulnerabilities.
- Proficiency in programming languages such as Java, React, Node.js, and Python.
- Hands-on experience with manual source code reviews and securing production code.
- Expertise in deploying and managing security tools in CI/CD pipelines.
- Experience with Git, Jenkins, Artifactory, or other similar technologies.
- Strong background in securing the software development lifecycle, including eliminating classes of vulnerabilities.
- Proficiency with cloud platforms like AWS or GCP, including their security tools.
- Experience with Docker and containerization technologies is highly desirable.
- Additional experience in infrastructure security, particularly in GCP, Docker, and containerization, is a bonus.
- Relevant certifications such as GIAC Web Application Penetration Tester (GWAPT), OffSec’s Advanced Web Attacks and Exploitation (WEB-300), etc.
- Strong understanding of SSO protocols, including OAuth and SAML.
- Experience speaking at meetups or conferences.
- Experience participating in bug bounty programs.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search