Security Engineer

Posted 7 months agoViewed

View full description

📍 Location: United States, North America, Europe

🔍 Industry: Software as a Service

🏢 Company: EngFlow Inc.

🪄 Skills: LinuxDevOps

Requirements:

Passion for optimization and analyzing complex challenges in the security engineering space.
Advanced knowledge of supply chain and cloud security.
Experience managing pentest processes with external vendors.
Experience with SOC2 / FedRAMP audits.
Skilled at intrusion detection and prevention practices.
Expertise in vulnerability tracking and management.
Familiarity with at least one build system: Bazel, CMake, Maven, Gradle, Nix, Buck, others.
Experience in or passion for DevOps and DevInfra.
Experience in Linux and the Unix shell.
Experience with at least one Cloud infrastructure: AWS, Azure, GCP, OpenShift, Oracle Cloud. Terraform experience is a plus.
Previous experience owning and updating an ISMS and other security documentation / resources.

Responsibilities:

This role reports into the Head of Product Engineering with a dotted line to our CTO.
You will collaborate with numerous stakeholders across business and tech functions to understand security requirements.
Ensure our systems are secure and SOC 2 compliant.
Work through security questions, questionnaires, and reviews with prospects and customers.
You may be part of an on-call rotation to support production issues that are escalated to the Engineering team.

Apply

Related Jobs

Apply

🔥 Senior Product Security Engineer

Posted about 7 hours ago

📍 United States of America

🧭 Full-Time

💸 131420.0 - 216870.0 USD per year

🔍 Software Development

🔧 Requirements

Experienced knowledge and understanding of Linux Operating System
Proficiency in common programming languages like C/C++, Python, Java, Go
Familiarity with Source Code Management tools like Git
Strong understanding of security vulnerabilities including the confidentiality, integrity, and availability triad
Significant experience in security technologies and methodologies like authentication and authorization, encryption, and risk assessments
Ability to work on your own in a fast-paced environment with a multicultural team distributed across multiple countries and time zones
Outstanding written and verbal communication skills in English

💡 Responsibilities

Respond to security vulnerabilities, weaknesses and incidents, within the Red Hat portfolio of Products and Services.
Contribute to customer facing security documentation, reference, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.
Research the impact of new flaws affecting Red Hat's offerings and communicate risk to stakeholders with different technical understanding, like senior leadership, engineers, architects, etc.
Coordinate with key stakeholders internally and externally, as appropriate, ensuring an effective management of the vulnerabilities and the security incidents
Provide technical leadership, mentor junior engineers, and drive collaboration to deliver high-impact solutions while fostering a culture of innovation and excellence.
Contribute in the industry coordination working groups to shape the industry wide vulnerability disclosure and coordination standards as well as to adopt and implement those standards within the organization

DockerPythonCybersecurityGitJavaKubernetesGoRESTful APIsLinuxRisk Management

Posted about 7 hours ago

Apply

🔥 Security Engineer (remote)

Posted about 18 hours ago

📍 Romania

🧭 Full-Time

🔍 Software Development

🏢 Company: Masabi👥 51-100💰 Private about 3 years agoTicketing Transportation Apps Mobile FinTech

🔧 Requirements

Hands-on experience in security engineering, compliance, or risk management
Comfortable working with PCI DSS, ISO 27001, SOC 2 and security audits
Solid understanding of vulnerability scanning, pen testing, and cloud environments
Familiar with risk assessments, mitigation strategies, and patching workflows
Able to write clear documentation, reports, and policies
Collaborate, curious, proactive, and always looking for ways to improve
Comfortable working independently in a remote-first environment

💡 Responsibilities

Own and improve security controls aligned with PCI DSS, SOC 2, and ISO 27001, supporting audits and recertifications
Ensure we stay audit-ready with control testing, documentation, and remediation
Partner with internal teams and auditors to manage evidence collection and compliance outcomes
Manage and track contractual security obligations, flagging any billable work
Lead risk assessments, identify control gaps, and recommend mitigation strategies
Manage the lifecycle of security policies and standards, making sure they’re practical, up-to-date, and embedded across teams
Stay ahead of regulatory changes and industry trends to proactively adjust our security approach
Own our vulnerability scanning and triage process, prioritising risks and working with teams to close gaps within SLAs
Coordinate and follow up on bi-annual penetration tests
Monitor CVEs and evaluate impact across cloud infrastructure and code dependencies
Oversee patching compliance and ensure SSL certificates are up-to-date
Automate scanning, reporting, and risk scoring wherever possible
Own the lifecycle of security incidents, from detection and response to lessons learned
Maintain up-to-date incident response plans aligned with compliance standards
Implement and optimise tools to detect, prevent, and mitigate potential threats
Lead regular security reviews across cloud environments and code repositories
Track key risk indicators (KRIs) and report on security metrics to leadership
Support the completion of RFPs and customer security questionnaires

AWSCloud ComputingCybersecurityCI/CDDevOpsComplianceRisk ManagementScripting

Posted about 18 hours ago

Apply

🔥 Senior Security Engineer, Detection & Response (Eastern Preferred)

Posted 1 day ago

📍 Canada

🧭 Full-Time

🔍 Software Development

🏢 Company: Docker👥 251-500💰 $105,000,000 Series C about 3 years agoDeveloper Tools Developer Platform Information Technology Software

🔧 Requirements

Background in Information Security, Computer Science, Computer Engineering, Forensics, or equivalent work experience.
4-5 years of hands-on experience in detection and response, including triage and incident response in enterprise SaaS environments.
Proven experience in building log ingestion and normalization pipelines across diverse systems.
Expertise in Detection as Code, particularly using Python and SQL.
Subject matter expert in endpoint security and/or cloud security.
Strong working knowledge of Mac, Linux, and Windows operating systems.
Hands-on experience with major cloud infrastructures, including AWS, Azure, and GCP.
Experience with Kubernetes is a nice-to-have.
Demonstrated experience working across multiple teams in collaborative security roles.

💡 Responsibilities

Monitor, detect, and respond to cybersecurity threats, lead incident investigations, conduct root cause analysis, and automate threat detection and hunting.
Develop detection and response playbooks and participate in on-call rotations.
Design, implement, and maintain log ingestion, parsing, and normalization pipelines across endpoint, network, cloud, and application logs.
Ensure log consistency across EDR, SIEM, SOAR, and threat detection tools.
Use Terraform, Kubernetes, and scripting to automate log infrastructure in cloud environments and improve security monitoring efficiency.
Ensure log storage and retention meet regulatory and security requirements, support audit to maintain compliance
Work with Product Security, Infrastructure, DevOps, and IT on various initiatives to mature the Detection Engineering program and strengthen Docker’s overall security posture.
Partner with stakeholders to improve threat intelligence, detection, and incident response capabilities.

AWSPythonSQLCloud ComputingCybersecurityGCPKubernetesMac OS XAzureLinuxDevOpsTerraformComplianceScripting

Posted 1 day ago

Apply

🔥 Senior Security Engineer

Posted 1 day ago

📍 United States

🏢 Company: ActivTrak👥 101-250💰 $50,000,000 Series B over 4 years agoInformation Services Business Intelligence SaaS Information Technology Software

🔧 Requirements

5+ years experience in information security, with hands-on experience in security operations and compliance frameworks such as SOC2.
Experience implementing and maintaining security tools and controls, including SDLC and GRC tools.
Strong knowledge of security best practices and technologies, including access control, intrusion detection, and incident response.
Experience with cloud security, specifically in Google Cloud Platform (GCP).
Strong communication skills with the ability to explain complex security concepts to various stakeholders.
Hands-on experience with security monitoring tools, vulnerability scanning, and security testing.
Understanding of common security frameworks and ability to map controls to compliance requirements.
Experience with automation and scripting for security operations.

💡 Responsibilities

Execute our comprehensive security program, including implementing policies, procedures, and guidelines that align with industry standards and best practices.
Work with cross-functional teams to implement security measures that align with business objectives.
Deploy, maintain, and monitor security technologies, tools, and systems to enhance the organization's security posture.
Support the sales engineers by providing technical expertise on security requirements for potential and existing customers.
Assist in customer-facing sales calls to address specific technical security concerns.
Help develop security presentations and training materials to support internal and customer security objectives.
Conduct daily monitoring, triage, and escalation of security alerts from various security systems.
Validate and document submissions from our Responsible Disclosure program.
Maintain situational awareness of emerging vulnerabilities for our technology stack and escalate as needed.
Conduct scheduled and on-demand security assessments to identify and evaluate potential security risks and assist in developing mitigation plans.
Implement product security features and capabilities in collaboration with the product development team.
Perform scheduled and on-demand vulnerability scanning and penetration testing against networks and applications.
Investigate, triage, and respond to security incidents, ensuring proper documentation and escalation.

Cloud ComputingCybersecurityGCPCI/CDLinuxDevOpsComplianceRisk ManagementScripting

Posted 1 day ago

Apply

🔥 Senior Security Engineer, Infrastructure Security

Posted 1 day ago

📍 Canada, United States

🧭 Full-Time

💸 156000.0 - 210000.0 USD per year

🔍 Security

🔧 Requirements

Minimum of 6 years combined experience as a software, infrastructure, and/or security engineer.
Demonstrated success at designing, implementing, deploying, securing, and monitoring highly-available, critical production systems with broad company impact.
Hands-on experience with a variety of technologies and approaches in both the cloud infrastructure and security spaces; e.g. service identity, workload hardening, networking, authentication and authorization, software supply chain, etc.
Expertise with AWS Service Control Policies and permission boundaries.
Experience with software development (Golang preferred).

💡 Responsibilities

Design, build, and maintain tooling, software, and systems for securing our cloud infrastructure.
Own the delivery and success of infrastructure security projects that span engineering teams.
Work with cross-functional partners to define the best security solutions for our infrastructure and reduce unnecessary friction, while maintaining a high degree of software development velocity.
Provide technical leadership and mentorship to fellow engineers on the team.

AWSSoftware DevelopmentAWS EKSCloud ComputingCybersecurityKubernetesGoCI/CDRESTful APIsLinuxDevOpsTerraformNetworkingScriptingSoftware Engineering

Posted 1 day ago

Apply

🔥 Security Engineer

Posted 1 day ago

📍 Poland

🧭 Full-Time

💸 13200.0 - 20400.0 PLN per month

🏢 Company: Netguru👥 501-1000 Product Design UX Design Web Development Apps Mobile Software

🔧 Requirements

Can communicate complex technical concepts clearly to both technical and non-technical audiences.
Are a proactive problem-solver, able to analyze issues and develop effective solutions.
Are highly independent and self-managing, able to prioritize tasks and work with minimal supervision.
Are adaptable and flexible, able to quickly learn and adjust to new technologies and threats.
Possess a meticulous attention to detail, ensuring accuracy and identifying subtle vulnerabilities.
Are a collaborative team player, willing to share knowledge and work effectively with diverse teams.

💡 Responsibilities

Analyze client needs (secure architecture, data flows, user stories, infrastructure) and recommend solutions in client/team meetings.
Ensure robust protection across different providers (AWS, Azure, GCP) by leveraging your expertise in network and IT system security
Secure networks and systems: configure firewalls, IDS/IPS, VPNs, and secure communication.
Perform tests and vulnerability analysis using static/dynamic code analysis and security scanners.
Ensure compliance with standards (ISO 27001, PCI DSS, GDPR) and implement aligned security policies.
Secure applications: implement "security by design" and apply OWASP Top 10 best practices.
Integrate security into DevSecOps: automate security testing and embed controls in CI/CD pipelines.
Manage security incidents: monitor, analyze, and respond using log analysis and SIEM tools.
Communicate and collaborate with teams, document processes, and explain technical information.
Design and conduct risk assessments, identify threats, evaluate impact, and implement mitigation. Integrate risk assessment into the project lifecycle.

AWSCloud ComputingCybersecurityGCPAzureMobile testingCI/CDDevOpsRisk Management

Posted 1 day ago

Apply

🔥 Cloud Security Engineer

Posted 3 days ago

📍 UK

🔍 Software Development

🏢 Company: Everway

🔧 Requirements

3+ years of experience in cloud security, with a strong focus on AWS and Azure.
Deep understanding of AWS security services, including IAM, Security Hub, GuardDuty, KMS, WAF, and S3 bucket ACLs and encryption.
Strong knowledge of AWS networking security, including VPCs, security groups, VPNs, and private link services.
Strong knowledge of Azure Defender, Sentinel, and Security Center.
Hands-on experience securing serverless architecture (e.g., AWS Lambda, API gateway) and containerized environments (e.g., Kubernetes).
Experience with cloud security monitoring, SIEM, and incident response.

💡 Responsibilities

Architect, implement, and manage security controls in AWS and Azure environments to protect cloud infrastructure, workloads, and data.
Conduct threat modeling and risk analysis to identify and remediate vulnerabilities.
Securely configure and audit cloud IAM policies, role-based access control (RBAC), and implement least-priviledge principles.
Familiar with cloud native compute, storage and security services, such as AWS Security hub, GuardDuty, CloudTrail, and Azure Monitor.
Work closely with DevOps and development teams to integrate security into CI/CD pipelines and cloud-native applications.
Investigate and respond to cloud security incidents, misconfigurations, and compliance gaps.

AWSCloud ComputingCybersecurityKubernetesAzureCI/CDLinuxDevOpsTerraformNetworking

Posted 3 days ago

Apply

🔥 Staff, Application Security Engineer

Posted 3 days ago

📍 Alberta, Ontario, British Columbia, Canada

💸 143000.0 - 178000.0 CAD per year

🔍 Software Development

🔧 Requirements

8+ years of experience in application security, secure software development, or related fields.
Hands on experience with SAST, SCA, DAST, Secrets, API Security solutions
Deep understanding of security for Containers, web, APIs, and cloud-native workloads (AWS, Azure, GCP).
Strong knowledge of OWASP top 10s and modern attack vectors
Proficiency in at least one programming language (Python, Go, Java, TypeScript)

💡 Responsibilities

Lead Application Security initiatives across different teams to design, build and implement security best practices
Implement and enhance security automation within CI/CD pipelines
Maintain Application Security solutions, measure their effectiveness and continuously improve based on strategic priorities
Develop and maintain secure coding guidelines and security training for Engineers
Investigate security vulnerabilities and support incident response as needed
Research emerging threats, vulnerabilities, and attack techniques to proactively secure applications

AWSPythonCloud ComputingGCPJavaTypeScriptAPI testingAzureGoCI/CDRESTful APIsLinux

Posted 3 days ago

Apply

🔥 Senior Platform Security Engineer (100% remote-friendly within Poland)

Posted 3 days ago

📍 Poland

🧭 Full-Time

🔍 Software Development

🔧 Requirements

At least 5 years of experience related with security
Vast experience with container orchestration platforms like Kubernetes and how to secure them (must-have).
You know how to maintain, develop policy for security-focused CNI/Service Mesh (eg. Calico, Cilium).
You know how to scan for and manage vulnerabilities at scale.
You have experience with Hashicorp Vault.
You know why and how to use Terraform and popular CI/CD tools.
You know about building scalable and secure production HA environments using AWS.
You know your ways around network security services eg. AWS WAF/Cloudflare.
You are not afraid of developing tools or scripts in Bash or GO to automate work.

💡 Responsibilities

Developing and maintaining tools for Global Security in order to deliver vulnerability management platforms for application triaging and continuous compliance
Optimize system scalability and cost efficiency
Development, monitoring, and maintenance of Kubernetes clusters on several continents.
CI / CD development and maintenance.
Make sure that all of our services are deployed in a way that makes them highly available.
Fixing urgent issues and optimizing performance.
Support other team members in their daily work.

AWSBashCloud ComputingKubernetesGoCI/CDRESTful APIsLinuxDevOpsTerraformMicroservicesComplianceFluency in EnglishJSONEnglish communication

Posted 3 days ago

Apply

🔥 Senior Security Engineer

Posted 3 days ago

📍 Canada

🧭 Full-Time

💸 123600.0 - 193000.0 USD per year

🔍 SaaS

🔧 Requirements

Strong software development skills (ideally with Ruby on Rails, but experience with Python, Java, or C# is also welcome).
Solid understanding of secure development practices, including threat modelling, secure code review, the principles of DevSecOps, and deep understanding of API security principles and best practices.
Experience collaborating with product and engineering teams to improve security posture.
Experience building or integrating security automation tools into CI/CD pipelines or developer workflows, including familiarity with SCA/SCA/DAST tools.

💡 Responsibilities

Help teams build and maintain secure systems by conducting threat modelling, manual and automated testing, and guiding secure design practices throughout the SDLC.
Evaluate the security posture of both internal features and third-party solutions through code reviews, architectural assessments, and vendor risk evaluations.
Drive continuous improvement by triaging vulnerabilities, building and integrating security automation into CI/CD pipelines, and adapting processes to keep pace with evolving threats.
Collaborate closely with developers and Security Champions to scale secure development practices and embed a culture of shared responsibility for security.

PythonSoftware DevelopmentCybersecurityJavaRuby on RailsC#API testingCommunication SkillsCI/CDLinuxDevOpsExcellent communication skillsJSONSoftware EngineeringSaaS

Posted 3 days ago

Apply