The Security Engineer at Signifyd assists cybersecurity operations and vulnerability management across the organization. This role works with other security engineers and analysts on the team by contributing integrations, implementations and reviews with our security systems. They setup, configure, and use these solutions to identify threats and vulnerabilities within our networks and applications then cross coordinate with other departments to ensure timely remediation. The Security Engineer reports to the Director, Head of Information Security and Compliance while supporting the Security Risk Manager with auditable evidence of control effectiveness.
Responsibilities
You will perform the following responsibilities alongside other members of the information security team:
-
Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);
-
Triage security operations center (SOC) alerts as the Level II/III escalation support;
-
Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;
-
Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;
-
Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;
-
Perform internal security testing, assessments, and triaging of alerts from security tooling;
-
Conduct secure code reviews, secure design reviews, and threat modeling activities;
-
Support GRC activities through control evidence collection;
-
Contribute to operational support activities for all security capabilities. This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups;
-
Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;
-
Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.
Requirements
-
Ability to automate or develop basic tasks in at least one programming language such as: Java, JavaScript, Python
-
Professional certifications such as WAPT, PPT, OSCP, etc and/or computer science degree;
-
1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;
-
Experience working with cloud technologies such as: AWS, GCP, Azure, Docker/Kubernetes.
#LI-Remote
Benefits in our US offices:
- Discretionary Time Off Policy (Unlimited!)
- 401K Match
- Stock Options
- Annual Performance Bonus or Commissions
- Paid Parental Leave (12 weeks)
- On-Demand Therapy for all employees & their dependents
- Dedicated learning budget through Learnerbly
- Health Insurance
- Dental Insurance
- Vision Insurance
- Flexible Spending Account (FSA)
- Short Term and Long Term Disability Insurance
- Life Insurance
- Company Social Events
- Signifyd Swag
We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
Signifyd provides a base salary, bonus, equity and benefits to all its employees. Our posted job may span more than one career level, and offered level and salary will be determined by the applicant’s specific experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.