The Security Engineer is responsible for enhancing application and cloud security by integrating security practices, automation, and tooling throughout the software development lifecycle.
This role requires a strong development background, expertise in modern application security tools, and the ability to work closely with engineering teams as a security subject‑matter expert.
The engineer will guide secure coding practices, implement CI/CD security controls, and support continuous improvement of the organization’s security posture.
Key Responsibilities
Implement, manage, and optimize application security tools including SAST, SCA, DAST, WAF, and ASPM solutions.
Build and automate security touchpoints within CI/CD pipelines using tools such as GitHub Actions, Workflows, and Jenkins.
Provide secure coding guidance and integrate security checks throughout the SSDLC and DevSecOps processes.
Conduct threat modeling, identify supply chain risks, and guide remediation efforts.
Work with development teams as a Security SME to coach developers, showcase security tooling capabilities, and improve adoption.
Leverage code scanning and security analysis tools (e.g., Veracode, Snyk, GitHub Advanced Security) to detect and track vulnerabilities.
Collaborate with engineering teams to integrate security into containerized, cloud, and infrastructure environments.
Write secure, maintainable code in Python, Java, or other languages as needed for automation and tooling enhancements.
Required Qualifications
7+ years of experience in Application Security or related domains (infrastructure, container, or cloud security).
Strong development background with hands‑on experience in Python, Java, or similar programming languages.
Expertise with application security concepts, including OWASP Top 10, threat modeling, supply chain security, and secure development practices.
Experience with security tools covering SAST, SCA, DAST, WAF, and ASPM.
Strong understanding of CI/CD pipelines and experience integrating security automation within them.
Proficiency with GitHub Actions, Workflows, Jenkins, or similar CI/CD orchestration tools.
Hands‑on experience with application security tools such as Veracode, Snyk, or GitHub Advanced Security.
Experience coaching development teams, demonstrating security tooling benefits, and serving as a security subject‑matter expert.
Security Engineer • Toronto, Canada