Responsibilities
- Act as a security engineering subject matter expert across multiple teams or services.
- Establish, document, and evolve secure coding standards for SaaS applications.
- Lead and participate in secure design and code reviews to identify security flaws.
- Collaborate with engineers to remediate vulnerabilities in a scalable manner.
- Ensure security considerations are balanced with performance and developer productivity.
- Identify assets, trust boundaries, attack surfaces, and data flows.
- Define, track, and manage security risks and mitigations as engineering artifacts.
- Translate threats and regulatory obligations into actionable security requirements.
- Ensure security requirements are incorporated into architecture decisions and product backlogs.
- Define and validate security controls for authentication, encryption, and data protection.
- Provide security engineering leadership for SaaS applications subject to HIPAA and PCI DSS.
- Partner with Compliance, Risk, and Audit teams to support regulatory obligations.
- Validate security controls using secure code analysis and threat-driven test scenarios.
- Support penetration testing and security assessments, ensuring findings are resolved sustainably.
- Influence security posture through technical leadership and coaching.
- Serve as a key contributor during incident response and security retrospectives.
Requirements
- 6+ years of experience as a Software Engineer with a focus on application security.
- Proven experience securing cloud-native SaaS applications.
- Hands-on experience establishing secure coding standards.
- Strong understanding of authentication, secure session management, and data protection.
- Experience working in Agile development environments.
- Experience supporting HIPAA-regulated systems and PCI DSS applications.
- Understanding of how compliance requirements translate into practical engineering controls.