Senior Security Engineer
Senior Security Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Summary
This role encompasses a broad range of security responsibilities including advanced offensive security operations application security reviews secure code reviews and implementation of the Secure Software Development Lifecycle (SSDLC). The successful candidate will simulate sophisticated attacks conduct secure code reviews and contribute to the development of security tools. Responsibilities also include ensuring cloud security and Kubernetes security. The ideal candidate will possess the ability to conduct offensive security operations and apply their expertise to application security. They will perform threat modeling exercises with an attackers mindset leveraging their experience in bug bounty programs and red teaming simulations. The candidate will implement mitigations at the code level and support the Blue Team in improving detection capabilities using SIEM tools. This role requires a unique blend of skills and knowledge across multiple security domains.
Job Requirements
Conduct Red Team exercises simulating APTs in cloud container and AD environments.
Develop and execute adversary simulations based on the MITRE ATT&CK framework focusing on assume breach scenarios.
Simulate attacks on software supply chains and CI/CD pipelines.
Perform in-depth penetration testing (both black-box and white-box) for web applications APIs and networks.
Conduct secure code reviews in collaboration with development teams to identify exploit and implement mitigations on code level.
Integrate security tools and practices into the CI/CD pipeline emphasizing DevSecOps methodologies.
Conduct threat modeling design and architectural reviews to identify potential security risks in the software development lifecycle.
Provide security guidance to development teams assisting in risk mitigation and secure development practices.
Collaborate with the Blue Team to improve detection capabilities and test defensive measures.
Utilize SIEM tools for incident detection and response providing insights to enhance monitoring and alerting mechanisms.
Develop and maintain custom security tools and frameworks to automate security testing and monitoring.
Stay informed about emerging threats attack techniques and security technologies.
Education
Bachelors degree in computer science information security or a related field (or equivalent experience).
At least 6 years of experience in offensive security and Application security.
Proven experience in offensive security with a strong understanding of attack vectors and techniques.
Relevant certifications such as OSWE OSCP CRTO or similar.
Significant contributions to security through Bug bounty programs CVEs or recognized security research.
Recognized public acknowledgments in security research.
Experience with scripting or programming languages like Python Go or Ruby for developing custom attack tools/exploits.
Familiarity with CI/CD tools such as GitHub Actions Jenkins or TeamCity.
Knowledge of security practices of cloud computing platforms like AWS Azure GCP as well as k8s.
Required Experience:
Senior IC
Employment Type
Full-Time
