Security Engineer III
- Vertisystem Inc.
190 Days Ago
60-80 per W2 Hourly
NA
Remote
4-6 Years
Required Skills: Experience with one of: Go, Java, Python, NodeJS Experience with RDBMS and non-RDBMS (NoSQL) data store technologies such as PostgreSQL, MySQL, Hadoop, Google Cloud Platform BigQuery, AWS RDS & DynamoDB, GraphQL, and more. Experience with Identity-aware proxy and HTTP routing technologies. Familiarity with privacy and security compliance standards such as GDPR, HIPAA, PCI-DSS and how they guide or affect secure systems design Knowledge or willingness to acquire skills around AI/LLM/ML Security
Job Description
| Job Title: | Security Engineer III |
| Job Title: | Security Engineer III UBRJP00027941 |
| Location: | San Fransisco 94103 |
| Duration: | 12 months |
|
|
|
Description:
Key Responsibilities
Perform multi-disciplinary security and privacy design reviews of engineering design proposals while considering aspects of application security, cloud security, infrastructure security, data-layer security.
Draw design inferences on our product designs, taking into consideration trade-off decisions to vector improvements in overall security and privacy posture of our products and services.
Be a subject matter expert and ambassador to core Engineering in the areas of security and privacy by design
Conduct full security assessments of products that may include architectural review, threat modeling web and mobile apps assessments.
Train and support Engineering Security Ambassador Program
Collaborate with cross-functional engineering teams to ensure security requirements are integrated from the outset of each project
Minimum Qualifications
Bachelor's in Computer Science, Engineering or a related field or equivalent work experience as a software engineering or security practitioner.
3+ years overall of application security & security architecture experience
Good knowledge of APIs (REST, GraphQL, SOAP/XML, gRPC) and microservice architecture
Familiarity with OWASP Standards (Web, API, LLM, Mobile)
Possess a broad knowledge of threat modeling such as STRIDE and the associated design patterns to correct and/or mitigate security attacks and threats
Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle.
Familiarity with the security architecture of one or more of the following public cloud providers: AWS, Azure, Google Cloud Platform, OCI
Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to solve complex technical controls problems in our product suite.
Ability to think like an attacker in order to identify security gaps
Preferred Qualifications
Background in Penetration Testing or Red Teaming
Certification or equivalent CISSP knowledge
Ability to read code and use code to automate processes
Familiarity with Jira and ideally Jira automation
Experience with one of: Go, Java, Python, NodeJS
Experience with RDBMS and non-RDBMS (NoSQL) data store technologies such as PostgreSQL, MySQL, Hadoop, Google Cloud Platform BigQuery, AWS RDS & DynamoDB, GraphQL, and more.
Experience with Identity-aware proxy and HTTP routing technologies.
Familiarity with privacy and security compliance standards such as GDPR, HIPAA, PCI-DSS and how they guide or affect secure systems design
Knowledge or willingness to acquire skills around AI/LLM/ML Security
