Security Engineer

Responsibilities

• Support “shift left” security by implementing third parties and building scripts to support modern security best practices into self-service tooling
• Work with engineering stakeholders to securely design products and fix security issues
• Create workflows and processes for the intake, triage, and resolution of security issues
• Execute proactive threat modeling and implement measures to strengthen the preventative controls of cloud infrastructure
• Work with both internal and external stakeholders to fix known vulnerabilities
• Coordinate our response procedures during active product security incidents
• Empower engineers by conducting regular developer security training
• Bring enthusiasm for working at a fast-paced startup

Requirements

• Solid understanding of the most common web application security risks as listed by the CWE Top 25 and OWASP Top 10
• DevSecOps and pipeline security implementation experience (SAST/SCA/DAST/etc.)
• Microservice architecture experience, including K8 and Docker
• Application security hands-on experience (pentesting, bug bounties, etc)
• Ability to perform root cause analysis on past security incidents to recommend improvements
• Proficiency in at least one programming or scripting language, such as Go, Java, Python, JavaScript, or Ruby
• Practical knowledge of AWS cloud services and structure
• English language fluency

Nice to haves

These aren’t required, but be sure to mention them in your application if you have them.

• Business-level or higher proficiency in Japanese and/or Chinese
• Program Management or Data Science experience
• Strong knowledge of the AWS suite of security-related services with a certification as an AWS Security Specialist
• Experience with the operation of cloud-based infrastructure and API security using services such as AWS EC2 security groups, AWS Web Application Firewall, or AWS Shield
• Past work experience with cloud-based security services like AWS Security Hub, Amazon GuardDuty, Amazon Inspector, Amazon Detective, or AWS Config
• Skills in infrastructure-as-code technologies, such as Terraform or CloudFormation
• Exploit development, Red Team, or reverse engineering experience