Security Engineer

Posted 19 days ago

💎 Seniority level: Middle, 3+ years

📍 Location: United States, EST

💸 Salary: 90000.0 - 110000.0 USD per year

🔍 Industry: E-commerce

🏢 Company: SupplyHouse.com

🗣️ Languages: English

⏳ Experience: 3+ years

🪄 Skills: AWS, SQL, Cisco, Cloud Computing, Cybersecurity, GCP, LDAP, Azure, Linux, Compliance, JSON, Risk Management

Requirements:
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field with 3+ years of experience in a cybersecurity-related role, OR a Master’s degree with 1+ year of experience.
  • Strong understanding of network security, cryptography, cloud security, and application security.
  • Proficiency with security protocols such as SSL/TLS, IPsec, and SSH.
  • Hands-on experience with security tools such as Wireshark, Nessus, Splunk, and Metasploit.
  • Familiarity with regulatory compliance frameworks (GDPR, PCI DSS, CCPA, etc.).
  • Experience in incident response, forensic analysis, and threat intelligence.
  • Knowledge of security controls in Microsoft 365 and cloud platforms like GCP.
  • Ability to design and conduct cybersecurity tabletop exercises.
  • Strong analytical and problem-solving skills, with the ability to work under pressure.
  • Excellent communication skills, with the ability to explain technical security concepts to non-technical stakeholders.
Responsibilities:
  • Design, configure, and implement security solutions to protect IT infrastructure, data, and applications.
  • Develop and enforce best practices for system configuration and data handling.
  • Harden systems and applications to minimize vulnerabilities and reduce attack surfaces.
  • Evaluate, test, and recommend security technologies to enhance overall defense capabilities.
  • Monitor and manage firewalls, IDS/IPS, endpoint security, and SIEM tools.
  • Continuously analyze security threats, vulnerabilities, and risks.
  • Lead or assist in incident response activities, including forensic analysis and root cause assessments.
  • Perform regular penetration tests and red team exercises to assess security posture.
  • Ensure compliance with regulatory frameworks such as GDPR, PCI DSS, and CCPA.
  • Develop and maintain security policies, procedures, and IT security architecture.
  • Manage vendor due diligence processes to ensure thorough vetting and risk mitigation.
  • Conduct security audits and firewall configuration reviews to align with industry standards.
  • Provide security training and awareness programs to mitigate threats like phishing and social engineering.
  • Design and facilitate cybersecurity tabletop exercises for threat response and crisis management.
  • Collaborate with IT, development, and operations teams to integrate security into the software development lifecycle (SDLC).

Related Jobs

📍 United States

🔍 Biopharma

  • Bachelor’s Degree with 6 years’ experience; master’s degree with 5 years’ experience; PhD with 0 years’ experience in information security and/or related functions (IT Audit, Risk Management, or Security Architecture)
  • Strong knowledge of scripting languages, including Python, Bash, and/or PowerShell
  • Experience developing AWS Service and Resource Control Policies (SCP and RCP) to effectively manage permissions across the enterprise
  • Expertise in AWS services including EC2, S3, RDS, Lambda, CloudFormation, VPC, and IAM.
  • Experience with Infrastructure as Code (IaC) tools including CloudFormation, Terraform, or Ansible.
  • Knowledge of DevOps practices and tools, including CI/CD pipelines, automation tools, and Docker/Kubernetes for containerization
  • Serve as a cloud security technical expert to develop and execute cloud security policies and procedures
  • Collaborate with cloud technology teams across the enterprise to ensure the integrity and security of our digital assets in AWS/Azure IaaS environments
  • Demonstrate high proficiency across a wide range of cloud security technologies to establish guardrails to prevent or automatically remediate common security misconfigurations
  • Provide technical leadership, mentor, and consult with less experienced cloud engineers to implement necessary security controls and threat protection
  • Act as a Cloud security subject matter expert by continually reviewing environments for opportunities to reduce risk when possible
  • Build automation to monitor cloud resources for compliance with existing standards and alert for configuration drift
  • Consult with cloud engineers to successfully implement design requirements from cloud security architects
  • Provide governance and consulting to ensure established controls remain effective
  • Contribute to advancement of own function by studying state-of-the-art tools, techniques, and computing equipment; participate in educational opportunities and professional organizations.

AWS, Docker, Python, Amazon RDS, Bash, Cloud Computing, Cybersecurity, Kubernetes, CI/CD, Linux, DevOps, Terraform, Compliance, Risk Management, Ansible, Scripting

Posted 3 days ago

📍 Canada, United States

🧭 Full-Time

💸 156000.0 - 210000.0 USD per year

🔍 Security

  • Minimum of 5+ years of combined experience in security, GRC, risk, or a related space with hands-on technical work building automation solutions as they relate to compliance controls, evidence, GRC platforms, etc.
  • Experience in effectively analyzing data and programs for security risk, compliance, and maturity.
  • Willingness to wear different hats and work on areas where needed.
  • Must excel in communication, and demonstrate the ability to explain technical security concepts to a non-technical audience.
  • Must have a highly collaborative and teamwork-focused approach, as well as a heart for mentoring and leveling up your teammates.
  • Must be able to assess and mitigate corporate risk within the organization.
  • Sophisticated program/project management abilities.
  • Own, design and manage the continued enhancement of various GRC programs including but not limited to strategy, roadmap, and controls to address regulatory requirements across multiple jurisdictions.
  • Communicate our compliance framework and various program requirements to all relevant stakeholders (internal and external).
  • Engage cross-functionally (with groups such as Engineering, Finance, Legal, Product, and Sales) to establish a thoughtful, strategic and tactical approach to multiple GRC programs and related processes.
  • You will assist with analysis and preparation for internal and external audits.
  • Accurately and effectively communicate our compliance position and programs to auditors and customers.
  • Partner with other members of the security team to establish security guidelines that enable the organization to move fast in a safe and secure manner.
  • To operate as a technical leader by helping define the GRC roadmap and by leveling up junior employees.
  • Build strong relationships with partner and stakeholder teams in order to build a scalable GRC program.

Project Management, SQL, Cloud Computing, Cybersecurity, Data Analysis, Communication Skills, Analytical Skills, Collaboration, Mentoring, DevOps, Compliance, Risk Management

Posted 3 days ago

📍 United States

🧭 Full-Time

🏢 Company: NerdWallet

  • 8+ years of professional experience as a security engineer, software engineer, site reliability engineer, penetration tester/red team member, or security consultant
  • 5+ years of experience working in Agile development, with expertise in technologies such as cloud environments (e.g., AWS), application security testing tools (e.g., SAST, DAST, SCA), infrastructure as code (e.g., Terraform), containers (e.g., Docker, Kubernetes), continuous integration (e.g., Jenkins, GitHub Actions), integration of security testing tools into CI pipelines, defect tracking (e.g., Jira), and source code management (e.g., GitHub)
  • Advanced knowledge of: Python, Typescript, and other languages (Go, PHP)
  • High-level understanding of: security weaknesses, exploits, attacks and mitigations
  • In-depth knowledge of common application and network protocols, cryptographic primitives, authentication and authorization protocols, as well as common security threats, including attack techniques, evasive techniques, and preventative and defensive methods
  • Experience leading or participating in Security Development Lifecycle Practices, Threat Modeling, Technical Design Review, and Security Code Review
  • Ensure the timely delivery of high-priority product security initiatives
  • Be a strategic advisor to the Application and Product Security Program
  • Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements
  • Participate in expanding and maturing NerdWallet’s SSDLC program and its early adoption
  • Partner with cross-functional teams to identify product and application vulnerabilities and propose potential remediation opportunities and prioritization
  • Design and develop security tools and processes to be leveraged by development teams
  • Work closely with engineering to sustain processes or convert manual integrations to automated pipeline activities
  • Help build the Red Team
  • Be a technical mentor to junior members of the team and help develop their skills

AWS, Docker, Python, Agile, Cloud Computing, Cybersecurity, Jenkins, Kubernetes, TypeScript, Algorithms, Data Structures, CI/CD, RESTful APIs, Mentoring, Linux, DevOps, Risk Management, Software Engineering

Posted 4 days ago

📍 AMER, EMEA, APAC

🧭 Full-Time

🔍 Security Engineering

🏢 Company: asymmetric.re

  • Familiarity with one or more Rust-based smart contract platforms, including Solana, CosmWasm, NEAR (strong preference for pre-existing Solana experience).
  • Proven experience as either a consultant, engineer, bug bounty hunter or auditor.
  • Prior experience working with open source development practices.
  • Willingness and aptitude to learn multiple Rust-based runtimes.
  • Understanding of blockchain infrastructure technologies, such as bridging or oracles.
  • Prior experience with reverse engineering and/or fuzzing.
  • Prior experience with code reviews
  • Prior leaderboard ranking on bug bounty, code contest, or CTF competitions.
  • Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities.
  • Perform cutting edge security research in Solana and other Rust-based smart contract platforms.
  • Develop security tooling and developer workflows to aid in the early detection of vulnerabilities.
  • Collaborate with core contributors to conduct internal security audits.
  • Shepherd external security audits with the help of leading 3rd party audit firms.
  • Operate leading bug bounty programs on Immunefi.
  • Work in a diverse decentralized team environment with web3 professionals.
  • Clearly communicate security risks and solutions.
  • Adhere to the highest standards of integrity, trust, and professionalism.

Blockchain, Cybersecurity, API testing, Rust, Web3.js, CI/CD

Posted 4 days ago

📍 Worldwide

🧭 Full-Time

🔍 Security Engineering

🏢 Company: asymmetric.re

  • Minimum of 7 years of security engineering experience, focusing on Web 2.0 and Web 3.0 technologies.
  • Proven track record in identifying and mitigating critical security flaws in complex systems.
  • Strong understanding of common security frameworks
  • Excellent problem-solving skills and the ability to work independently in a remote setting.
  • Strong communication skills, with the ability to convey complex security issues to technical and non-technical stakeholders.
  • Provide security-focused consulting services to customers.
  • Conduct comprehensive security assessments of Web 2.0 and Web 3.0 applications, infrastructure, policies and processes.
  • Identify, analyze, and mitigate security vulnerabilities across diverse systems.
  • Consult with our clients and implement security protocols, tools, and best practices.
  • Collaborate with cross-functional teams to integrate security measures into all stages of product development.
  • Lead incident response efforts and conduct post-mortem analyses to prevent future occurrences.
  • Stay abreast of emerging security threats and industry trends to address potential risks proactively.

SQL, Blockchain, Cloud Computing, Cybersecurity, Algorithms, API testing, Data Structures, REST API, Communication Skills, Analytical Skills, Problem Solving, Linux, DevOps, JSON, Scripting

Posted 4 days ago

📍 United States

🧭 Full-Time

🔍 Software Development

🏢 Company: Docker 👥 251-500 💰 $105,000,000 Series C almost 3 years ago | Developer Tools, Developer Platform, Information Technology, Software

  • Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance
  • Will have familiarity setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool
  • Experience conducting security compliance reviews and audits for SaaS products and hosted environments including AWS and Azure.
  • Have strong knowledge of information security risk management and information security technologies (e.g., SIEM, vulnerability management, data loss prevention, and/or endpoint protection)
  • Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges
  • Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders
  • Enjoy fostering collaboration and cross-functional partnerships to help spread awareness and
  • Build and implementation of cybersecurity controls
  • Have in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, 27701 and 27018
  • Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls.
  • Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments
  • Serve as the subject matter expert and provide technical leadership and feedback for compliance / GRC projects
  • Appropriately handling and managing confidential information including proprietary and trade secret information
  • Stay up-to-date with changes in regulations, standards, and emerging regulatory requirements and ensure compliance
  • Lead the development, implementation and maintenance of comprehensive GRC strategies
  • Build automated evidence gathering and continuous control testing through integrations maturing our governance program.
  • Establish partnerships with internal/external auditors, regulators, and business stakeholders to develop security requirements and controls.
  • Optimize security compliance monitoring and alerting systems; aggregate compliance alerts and advise on system policy violations
  • Perform critical data security reviews over newly released products and features.
  • Ensure controls are operating effectively via assessment and attestation
  • Own the vulnerability management program to identify and provide guidance for improvements
  • Security Metrics - Uses automated and manual processes to produce relevant KPIs about the Information security program
  • Policies and Procedures - Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
  • Recertification - Operates periodic processes to ensure hire, transfer, and termination protocols are complied with and regular access reviews are conducted
  • Security Awareness - Builds and maintains company awareness and education progress
  • Risk Assessment - Builds and operates the company platform to document, measure, and report assessments, risks, controls findings, and remediation activity
  • Draft policies and best practices that will be consumed by the entire organization
  • Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, and 27701
  • Evaluate vendors against compliance and security standards

AWS, Docker, Project Management, SQL, Cybersecurity, Jira, API testing, Azure, Communication Skills, Analytical Skills, Collaboration, CI/CD, Problem Solving, Agile methodologies, RESTful APIs, Linux, DevOps, Terraform, Written communication, Documentation, Microservices, Compliance, MS Office, Risk Management, Stakeholder management, Scripting, Software Engineering

Posted 6 days ago

📍 United States

🧭 Full-Time

🔍 Security

🏢 Company: OpenAI 👥 251-500 💰 $4,000,000,000 Secondary Market over 1 year ago | Artificial Intelligence (AI), Machine Learning, Generative AI, Natural Language Processing, Software

  • 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise.
  • Deep expertise conducting offensive security operations within modern technology companies.
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).
  • Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applications.
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities.
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations.
  • Ability to communicate complex technical concepts effectively through compelling storytelling.
  • Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases.
  • Conduct open-scope red and purple team operations, simulating realistic attack scenarios.
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.
  • Perform comprehensive penetration testing on our diverse suite of products.
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work.
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change.
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling.

Python, Bash, Cloud Computing, Cybersecurity, Kubernetes, Algorithms, Azure, Data science, Data Structures, CI/CD, RESTful APIs, Linux, JSON, Risk Management, Scripting

Posted 10 days ago

📍 United States, Canada

🧭 Full-Time

💸 154160.0 - 281060.0 USD per year

🔍 Software Development

  • 7+ years of experience in application security, including 2+ years of software development focused on security.
  • Expertise in secure software design, secure coding, and web application security, with a strong commitment to risk reduction and sustainable security practices.
  • Experience with Threat Modeling, penetration testing, and identifying high-complexity application vulnerabilities.
  • Experience with software supply chain security and led bug bounty programs and security tooling initiatives.
  • Successfully implemented and improved secure development lifecycle (SDLC) processes, including planning, communication, and automation.
  • Led and delivered multi-quarter, complex security projects, application security roadmaps, and medium to large security programs in collaboration with engineering teams.
  • Experience mentoring other application security engineers and fostering security best practices across organizations.
  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
  • Bring security best practices to the software development lifecycle.
  • Work as part of a team to champion security standards while balancing business strategies and requirements.
  • Support Webflow’s current and future security compliance frameworks
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
  • Cross-train entry and mid-level application security engineers

AWS, Software Development, Cybersecurity, CI/CD, RESTful APIs, Mentoring, Compliance

Posted 11 days ago

📍 United States, Canada

🧭 Full-Time

💸 154160.0 - 281060.0 CAD per year

🔍 Software Development

🏢 Company: Webflow 👥 501-1000 💰 $120,000,000 Series C about 3 years ago 🫂 Last layoff 8 months ago | CMS, Web Hosting, Web Design

  • 7+ years of experience in application security, including 2+ years of software development focused on security.
  • Expertise in secure software design, secure coding, and web application security, with a strong commitment to risk reduction and sustainable security practices.
  • Experience with Threat Modeling, penetration testing, and identifying high-complexity application vulnerabilities.
  • Experience with software supply chain security and led bug bounty programs and security tooling initiatives.
  • Successfully implemented and improved secure development lifecycle (SDLC) processes, including planning, communication, and automation.
  • Led and delivered multi-quarter, complex security projects, application security roadmaps, and medium to large security programs in collaboration with engineering teams.
  • Experience mentoring other application security engineers and fostering security best practices across organizations.
  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
  • Bring security best practices to the software development lifecycle.
  • Work as part of a team to champion security standards while balancing business strategies and requirements.
  • Support Webflow’s current and future security compliance frameworks
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
  • Cross-train entry and mid-level application security engineers

AWS, Docker, Python, Software Development, Cybersecurity, Git, Kubernetes, CI/CD, RESTful APIs, Mentoring, DevOps, Compliance, JSON

Posted 11 days ago

📍 United States

💸 168000.0 - 220000.0 USD per year

🔍 Mental Healthcare

🏢 Company: Grow Therapy 👥 251-500 💰 $88,000,000 Series C 11 months ago | Mental Health, Therapeutics, Medical, Health Care

  • 5+ years (Senior) or 8+ years (Staff) of full time experience as a Detection and Response Engineer, working on monitoring, threat detection and incident response
  • Have led the development of company-wide detection and response strategies
  • Have demonstrated experience designing detection strategies in complex, high-scale environments
  • Are familiar with automated vulnerability identification tools and triage processes
  • Detect, respond and defend against threats to Grow’s user base
  • Define and drive our Threat Detection roadmap
  • Mature our Incident Response and Remediation processes
  • Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently to stakeholders
  • Collaborate with Grow engineering teams to drive remediations
  • Build and optimize detection rules
  • Develop runbooks and incident playbooks for new and existing detections

Cybersecurity, CI/CD, Linux, DevOps, Scripting

Posted 12 days ago