Senior Security Engineer - Automation

New York - Hybrid•United States (East Coast Time Zone) - Remote

Remote

Senior

Full Time

about 1 month ago

💰$209,664 - $220,699

securityautomationvulnerability managementsoftware developmentCI/CDGitHubSASTDASTSCAsecrets scanning

Requirements

•Solid background in software development with experience in backend or infrastructure languages (e.g., Go, Python, Node.js)
•Strong passion for cybersecurity with focus on security automation and vulnerability management
•Understanding of security tools like SAST, DAST, SCA, and secrets scanning in CI/CD environments (e.g., Github)
•Knowledge of vulnerability management principles including prioritization frameworks (e.g., CVSS) and remediation tracking
•Familiarity with SLSA framework or similar supply chain security initiatives
•Ability to collaborate with technical teams and explain security concepts and tooling requirements
•Strong analytical and problem-solving skills with ability to identify inefficiencies and propose automated solutions
•Self-motivated, innovative, takes ownership, and effective in remote fast-paced environments
•Experience collaborating with Application Security and Cloud Security teams to implement automation requirements
•Experience in disruptive technology, FinTech, SaaS, or Crypto sectors is a plus
•Familiarity with cloud security principles (AWS, GCP) is beneficial
•Deep understanding of GitHub functionalities including advanced features, security settings, and API capabilities
•Strong administrative skills in managing GitHub Enterprise environments including user access, repository management, and organization settings
•Familiarity with GitHub Actions for workflow automation and security enforcement

•Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into CI/CD pipelines
•Develop and maintain automation scripts and platforms to streamline security processes and workflows
•Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting
•Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices
•Drive the adoption and implementation of the SLSA framework to enhance supply chain security
•Continuously evaluate and improve existing security automation and vulnerability management workflows
•Research emerging threats and vulnerabilities relevant to the tech stack and development practices
•Develop and maintain documentation for security automation tools, processes, and vulnerability management procedures
•Assist in triaging and validating findings from automated scanners, penetration tests, and bug bounty programs
•Contribute to security training materials focused on secure development practices and tools
•Support incident response activities where automation or vulnerability data can aid investigation and remediation
•Champion and execute the security team's automation strategy for cross-functional needs