Sr. Engineer Software
Share
Job Location:
Monthly Salary:
Posted on:
Vacancies:
Job Summary
Security Compliance Engineer
Job Summary
The Security Compliance Engineer will be responsible for analyzing remediating and ensuring adherence to security compliance requirements across software infrastructure and operational processes. This role involves addressing vulnerabilities implementing secure configurations and maintaining compliance with internal and external security standards.
This role ensures security compliance for monitoring applications used in critical infrastructure environments addressing vulnerabilities and enforcing secure design practices throughout the software lifecycle.
Duties and Responsibilities
Security Compliance & Governance
- Review analyze and resolve security compliance tickets related to:
- Authentication & Authorization (least privilege password policies default credentials).
- Secure Transmission (TLS configuration encrypted channels).
- Software Lifecycle Management (update authenticity rollback capability validation processes).
- Sensitive Data Handling (encryption key uniqueness secure storage).
- Inventory & Documentation (roles privileges logging sensitive data).
- Implement validate and maintain security controls in alignment with industry standards (ISO 27001 NIST CSF OWASP Top 10).
- Prepare and maintain accurate documentation for compliance audits security governance and risk assessments.
Collaboration & Cross-Functional Support
- Work closely with development operations and compliance teams to ensure secure design and deployment of web-based monitoring applications.
- Actively participate in design reviews specification processes and project planning to ensure security requirements are integrated early in the lifecycle.
- Engage in scrum meetings team breakouts and collaborative sessions to align on security priorities.
Risk Management & Vulnerability Handling
- Familiar with vulnerability assessments and recommend effective remediation strategies.
- Assist in identifying and mitigating security risks throughout the development lifecycle.
- Support the implementation of security fixes for assigned products and validate their effectiveness.
Continuous Improvement
- Contribute ideas for process improvements related to coding standards source control and documentation.
- Stay updated on emerging security threats compliance requirements and best practices.
- Demonstrate strong motivation to learn and apply advanced software security concepts.
Administrative & Reporting
- Manage and update work efforts in user stories and tasks within the agile tools (Rally).
- Prepare reports and evidence for audit readiness and compliance verification.
Other Duties
- Perform additional responsibilities as assigned to support organizational security objectives.
Requirements
Education
- Bachelors degree in Computer Science Software Engineering or related field (BSc or BE preferred). MSc is a plus.
Professional Experience
Required:
- 5 years of experience in software development or security engineering with a proven track record.
- Hands-on experience with agile development methodologies.
- Experience working in distributed and international teams.
Preferred:
- Experience with web application design and development principles.
- Familiarity with IoT protocols and modeling properties of critical infrastructure equipment (DC power systems UPS thermal equipment rack PDUs ).
Technical Skills:
- Deep knowledge of software security principles including:
- Authentication and Authorization (OAuth RBAC MFA).
- Cryptography key managementand secure transmission protocols (TLS/SSL).
- Secure coding practices and vulnerability remediation.
- Familiarity with secure SDLC and DevSecOps principles.
- Experience with security configuration management for operating environments and applications.
- Ability to work with logging and monitoring systems for security events.
- Experience with containerization (Docker Kubernetes) microservices architecture and cloud platforms (Azure).
- Experience with relational and non-relational databases RESTful APIs and secure web services.
Compliance & Governance:
- Knowledge of security frameworks (ISO 27001 NIST CSF CIS Benchmarks).
- Experience preparing for external audits and certifications is a plus (e.g. UL 2900 IEC 62443)
- Understanding of OWASP Top 10 and SANS CWE Top 25 vulnerabilities (e.g. SQL injection buffer overflow remote code execution).
Tools & Technologies:
- Experience with CI/CD pipelines and security scanning tools (e.g. GitLab CI/CD SonarQube Snyk).
- Familiarity with certificasumite management systems (e.g. Entrust).
- Knowledge of secure coding practices and vulnerability remediation.
- Knowledge Core MVC C# C Java and SQL is a plus.
Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills in English.
- Ability to communicate security requirements effectively to technical and non-technical stakeholders.
- Detail-oriented with a proactive approach to risk mitigation.
Preferred Certifications:
- CISSP CISM or Security.
- Certified Ethical Hacker (CEH) or equivalent.
- Cloud Security Certifications (e.g. AWS/Azure Security Specialty).
Working Conditions/Other
- Normal office environment. Geographically distributed (virtual) team.
- Ability to multi-task in a fast-paced international environment with multiple deadlines is essential.
Required Experience:
Senior IC
Key Skills
About Company
Work Authorization No calls or agencies please. Vertiv will only employ those who are legally authorized to work in the United States. This is not a position for which sponsorship will be provided. Individuals with temporary visas such as E, F-1, H-1, H-2, L, B, J, or TN or who need s ... View more
