Senior Security Engineer

Posted 24 days agoViewed

115000 - 145000 USD per year

United States, CanadaFull-TimePersonal Genomics

Company:

Location:United States, Canada, EST, PST

Languages:English

Seniority level:Senior, 5+ years

Experience:5+ years

Skills:

AWSArtificial IntelligenceCloud ComputingCybersecurityMachine LearningAPI testingCI/CDRESTful APIsLinuxDevOpsComplianceNetworkingRisk Management

Requirements:

5+ years of experience in security engineering, DevSecOps, or infrastructure security roles. Deep technical understanding of cloud security (AWS, OCI) and on-prem environments. Experience with container security, CI/CD hardening, key/secret management, and secure software development practices. Hands-on experience with security audits and penetration testing, whether conducted in-house or via third parties. Proven ability to create and execute security certification roadmaps (SOC 2, HIPAA, ISO 27001, etc.). Strong documentation practices; able to write clear runbooks, security policies, and architecture diagrams. Comfortable working in highly customized, complex environments. Strong understanding of Linux, networking, authentication, and monitoring. Ability to operate autonomously while collaborating across multiple disciplines and technical stacks. Experience using AI or ML tools to enhance security initiatives.

Responsibilities:

Lead the planning and execution of offensive security testing across web applications, APIs, infrastructure, and networks. Conduct manual and automated penetration testing and vulnerability assessments; document findings and guide remediation. Work with DevOps, architects, and engineering leads to embed security throughout CI/CD, infrastructure, and data workflows. Plan and run regular security audits and threat modeling sessions; coordinate with third-party firms when needed. Proactively identify and resolve security gaps in complex, custom systems spanning cloud and on-prem environments. Design, implement, and maintain security controls, tooling, and detection capabilities that scale with the business. Develop roadmaps for security certifications (e.g., HIPAA, SOC 2, ISO 27001) and lead technical implementation efforts. Manage incident response procedures, conduct postmortems, and implement long-term prevention measures. Create and maintain high-quality documentation for security processes, infrastructure risks, and compliance status. Stay current on threat landscapes, tools, and best practices relevant to ecommerce, health data, and hybrid infrastructures.