Staff Cyber Security Engineer

Title: Cyber Security Engineer - DevSecOps

Location: Dallas TX (5 day onsite)

Job Description:

Key Responsibilities:

Threat Modeling: Develop and maintain comprehensive threat models across embedded platforms cloud services and software applications to proactively identify prioritize and mitigate potential vulnerabilities throughout the system development lifecycle.

Embedded Platform Penetration Testing: Conduct regular penetration tests and security assessments of embedded platforms to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.

Cloud-hosted Application Penetration Testing: Conduct regular penetration tests and security assessments on cloud-hosted applications to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.

Red-Teaming AI-Backed Services: Conduct regular adversarial testing and red-teaming exercises focused on AI-powered services and machine learning models. Proactively identify and exploit potential vulnerabilities unique to AI systems and collaborate with legal and engineering teams to remediate security risks specific to AI and automated decision-making capabilities.

Threat Detection and Analysis: Utilize advanced security tools like Cloud Security Posture Management platforms open-source pen-testing tools SIEMs and SASTs to identify analyze validate and stop vulnerabilities from entering the environment. Perform regular penetration testing and vulnerability assessments.

Data Analysis and Security Monitoring: Conduct comprehensive analysis of security data from microservice architectures content distribution networks data lakes serverless functions and databases. Use SIEM tools to correlate security events and identify anomalies.

Incident Response and Management: Participate in incident response efforts perform root cause analysis and implement or suggest corrective actions to mitigate security breaches. Develop and maintain incident response playbooks.

Supply Chain Security: Assess and mitigate security risks associated with the supply chain like open source libraries ensuring end-to-end security

Software Security Flaws Mitigation: Identify and address software security flaws and misconfigurations to enhance overall security posture. Perform code reviews and static/dynamic analysis. Languages include but not limited to Python C C# JS Python HCL

Security Solutions Development: Develop and implement custom security solutions minimizing reliance on paid services. Create security automation scripts and integrate security tools into CI/CD pipelines.

Automating Security Test Functions: Develop and implement automated dynamic security testing functions to ensure continuous security validation.

Minimum Qualifications:

Expertise in secure API integration design and implementation

Expertise in the OWASP top 10 for web applications and LLMs along with mitigation and remediation techniques

Bachelors degree in Computer Science Information Technology or a related field.

Extensive experience in cybersecurity within software engineering environments.

Experience with a programming language (C/C Python Go JavaScript / TypeScript Rust)

Proficiency in cloud security threat detection data analysis and incident response.

Expertise with security tools such as BurpSuite PyRIT Garak MitM Metasploit Wireshark Wiz Sonarqube

Experience standing up Security tooling to automate security hygiene analysis reporting or otherwise host tools or enhance intel capabilities

Strong technical knowledge of microservice architecture content distribution networks data lakes serverless functions and databases.

Familiarity with various cloud platforms and DevOps tools.

Excellent analytical and problem-solving skills.

Strong communication skills both written and verbal.

Ability to independently develop and implement security solutions.

Experience in developing and implementing automated security testing functions.

Preferred Qualifications:

Masters degree in Computer Science or relevant field of study.

Cyber related certifications such as CompTIA CySA CISSP CHFI OSCP.

Experience in digital forensics.

Working experience within a DevSecOps environment.

Education:

• Bachelors or Masters degree in Computer Science Computer or Electrical Engineering Mathematics or a related field.