Senior Security Engineer II
United States (Remote);
The Security Engineer at Signifyd assists cybersecurity operations and vulnerability management across the organization. This role works with other security engineers and analysts on the team by contributing integrations, implementations and reviews with our security systems. They setup, configure, and use these solutions to identify threats and vulnerabilities within our networks and applications then cross coordinate with other departments to ensure timely remediation. The Security Engineer reports to the Director, Head of Information Security and Compliance while supporting the Security Risk Manager with auditable evidence of control effectiveness.
Responsibilities
You will perform the following responsibilities alongside other members of the information security team:
-
Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);
-
Triage security operations center (SOC) alerts as the Level II/III escalation support;
-
Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;
-
Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;
-
Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;
-
Perform internal security testing, assessments, and triaging of alerts from security tooling;
-
Conduct secure code reviews, secure design reviews, and threat modeling activities;
-
Support GRC activities through control evidence collection;
-
Contribute to operational support activities for all security capabilities. This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups;
-
Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;
-
Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.
Requirements
-
Ability to automate or develop basic tasks in at least one programming language such as: Java, JavaScript, Python
-
Professional certifications such as WAPT, PPT, OSCP, etc and/or computer science degree;
-
1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;
-
Experience working with cloud technologies such as: AWS, GCP, Azure, Docker/Kubernetes.
#LI-Remote
Benefits in our US offices:
- Discretionary Time Off Policy (Unlimited!)
- 401K Match
- Stock Options
- Annual Performance Bonus or Commissions
- Paid Parental Leave (12 weeks)
- On-Demand Therapy for all employees & their dependents
- Dedicated learning budget through Learnerbly
- Health Insurance
- Dental Insurance
- Vision Insurance
- Flexible Spending Account (FSA)
- Short Term and Long Term Disability Insurance
- Life Insurance
- Company Social Events
- Signifyd Swag
We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
Signifyd provides a base salary, bonus, equity and benefits to all its employees. Our posted job may span more than one career level, and offered level and salary will be determined by the applicant’s specific experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.
USA Base Salary Pay Range$90,000—$135,000 USDSignifyd's Applicant Privacy Notice
ApplyJob Profile
401(k) match Annual performance bonus Annual Performance Bonus or Commissions Base salary Bonus Company Social Events Dedicated learning budget Dental Insurance Disability Insurance Discretionary Time Off Discretionary Time Off Policy Equity Flexible Spending Account FSA Health insurance Inclusive interview experience Learning Budget Life Insurance On-Demand Therapy Paid parental leave Performance bonus Reasonable accommodations Signifyd Swag Stock options Swag Unlimited time off Vision Insurance
Tasks- Assist cybersecurity operations
- Conduct security testing
- Configure security solutions
- Develop observability metrics
- Support GRC activities
- Triage alerts
- Vulnerability management
Application Security Automation AWS Azure Cloud Security Cloud Technologies CSPM Cybersecurity DAST DevOps Docker GCP GRC IaC Java Javascript Kubernetes Network security Patch Management Programming Python SAST SCA Secure Code Reviews Security Security Systems SIEM SOC SRE Threat identification Threat modeling Vulnerability Management
Experience1-2 years
EducationComputer Science Computer Science Degree Equivalent experience
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9