
Get Remote Security Operations Jobs in your mailbox.

79 exciting remote jobs on file from 2500+ top remote companies.

  • Hot new jobs of this week
  • 79 active jobs from past weeks to consult
  • Segmented for USA, Europe or Worldwide.
  • Personally selected for you by our experienced remote hiring managers.


A selection of jobs from the previous newsletters.

QAD, Inc. is hiring a Remote Application Security Engineer

Job Description

QAD is seeking an Application Security Engineer. As an Application Security Engineer, you will contribute to ensuring the security and integrity of our organization's applications and software systems. You will assist in identifying security vulnerabilities, conducting risk assessments, and implementing security measures to protect our applications from potential threats. This role requires familiarity with application security best practices and the ability to collaborate effectively with development teams.

What you’ll do:

  • Assist in conducting security assessments and penetration testing of applications.
  • Support development teams in code review and analysis for security vulnerabilities.
  • Collaborate on integrating security measures into application design.
  • Participate in evaluating and recommending security controls for applications.
  • Assist in developing and updating threat models, and contribute to mitigation strategies.
  • Educate development teams on secure coding practices and stay informed about security threats.
  • Support incident response team in investigating and mitigating security incidents.
  • Contribute to maintaining documentation on security policies and procedures.
  • Assist in generating reports on security assessments and recommendations.
  • Work with cross-functional teams to integrate security into the software development lifecycle.
  • Collaborate with external security organizations to stay updated on threats and vulnerabilities.
  • Maintain automated processes for SCA, DAST, and SAST.
  • Integrate security testing tools into CI/CD pipelines for continuous security assessments (GitLab, Terraform, AWS Inspector).

Qualifications

What you'll need:

  • A bachelor's degree in a relevant field such as Computer Science, Information Technology, Cybersecurity, or a related discipline.
  • 2-3 years of experience in application security with exposure to AWS, GCP, and cloud architectures.
  • Strong programming and scripting skills (Java, Python, TypeScript).
  • Effective written and verbal communication skills in English.
  • Familiarity with common application security vulnerabilities (OWASP Top 10) and remediation techniques.
  • Exposure to tools and techniques for vulnerability assessment, penetration testing, and code review, for example: Veracode, Snyk, SonarQube, Burp Suite.
  • Knowledge of security standards, frameworks, and compliance requirements (SAML, OIDC, OAuth, Spring Security).
  • Good communication and collaboration skills.
  • Relevant certifications such as CISSP, CSSLP, or CEH are a plus.


QAD, Inc. is hiring a Remote Senior Application Security Engineer

Job Description

QAD is seeking a Senior Application Security Engineer. As an Application Security Engineer, you will play a critical role in ensuring the security and integrity of our organization's applications and software systems. You will be responsible for identifying and mitigating security vulnerabilities, conducting risk assessments, and implementing robust security measures to safeguard our applications against potential threats. This role requires a deep understanding of application security best practices, emerging threats, and the ability to work collaboratively with development teams to integrate security seamlessly into the software development lifecycle.

What you’ll do:

  • Conduct comprehensive security assessments and penetration testing of applications to identify vulnerabilities and risks.
  • Collaborate with development teams to review code, offer guidance on secure coding practices, and assist in remediation efforts.
  • Work with software architects to integrate security into application design and recommend security controls.
  • Develop and maintain threat models for applications, aiding in the creation of mitigation strategies.
  • Educate development teams on secure coding practices and stay informed about evolving security threats and best practices.
  • Assist in investigating and responding to application-related security incidents, collaborating with the incident response team.
  • Create and maintain documentation on application security policies, procedures, and guidelines.
  • Generate reports on security assessments and findings.
  • Coordinate with cross-functional teams to integrate security into the software development lifecycle.
  • Collaborate with external security organizations and researchers to stay updated on emerging threats and vulnerabilities.
  • Define secure application architectures for SaaS applications.
  • Develop automated processes for SCA, DAST, and SAST.
  • Integrate security testing tools into CI/CD pipelines for continuous security assessments.

Qualifications

What you'll need:

  • A bachelor's degree in a relevant field such as Computer Science, Information Technology, Cybersecurity, or a related discipline
  • 3-5 years of experience in network security with a strong focus on AWS, GCP, and cloud architectures.
  • Excellent written and verbal communication skills in English.
  • Senior level programming and scripting skills (Java, Python, TypeScript)
  • Proven experience in application security, with a strong understanding of secure coding practices.
  • In-depth knowledge of common application security vulnerabilities (OWASP Top 10) and the ability to remediate them.
  • Experience with tools and techniques for vulnerability assessment, penetration testing, and code review (Veracode, Snyk, SonarQube).
  • Familiarity with security standards, frameworks, and compliance requirements (SAML, OIDC, OAuth, Spring Security).
  • Excellent communication and collaboration skills.
  • Relevant certifications such as CISSP, CSSLP, or CEH are a plus.


Tenable is hiring a Remote Security Consultant

Description

Who is Tenable?
Tenable® is the Exposure Management company. 40,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Our global employees support 60 percent of the Fortune 500, 40 percent of the Global 2000, and large government agencies. Come be part of our journey! 
What makes Tenable such a great place to work? 
Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together!
Your Role:
The Security Consultant role performs Tenable product installation, configuration, customization, and security audits for our clients.
Your Opportunity:
  • Executing client engagements that exceed expectations based on strong understanding of the client’s business and their unique needs by:
    • Leading the requirements gathering process
    • Developing and implementing Tenable security solutions and workflow plans aligned with client business and security objectives
    • Installing and/or configuring all Tenable solutions.
    • Development of custom reports, dashboards, alerts and scans within Tenable products to meet client business objectives
    • Analysis of Nessus scan results and understanding the risk and threat levels of findings
    • Conducting security assessments and audits using Tenable methodology
    • Managing client expectations to enable their desired outcomes
  • Continuing education to support all security practice offerings in pre- and post-sales role
  • Meeting professional practice standards and expertise in core Tenable product and services
  • Developing and maintaining positive relationships with clients
  • Creating additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards and industry and Tenable best practices
  • Participating in industry conferences and professional organizations
  • Assisting clients with upgrades and migration to new hardware or software versions
  • Serve as technical architect or technical lead on internal and external projects
  • Serve as Tenable instructor to train client staff on Tenable products and best practices as training needs are identified
  • Contribute to the development and maintenance of internal delivery methods and tools
What You'll Need:
  • Bachelor's Degree in Computer Science/Cyber Security (or equivalent)
  • 6 years experience in IT, security, risk management or professional services
  • Recent experience performing vulnerability scans, log analysis, security monitoring with Tenable (e.g., Nessus, SecurityCenter, Tenable.io) or other industry solutions
  • Deep understanding of Cyber Exposure to include all lifecycle stages in the Vulnerability Management program
  • In-depth knowledge of network architectures such as WAN, LAN, Token Ring, FDDI, etc.
  • In-depth understanding of multiple operating systems such as Linux/Unix, Windows, and macOS
  • Understanding of traditional and cloud-based computing environments and delivery models extending to how they are integrated and ‘secured’
  • Outstanding written and verbal communications skills
  • Understanding of security principles, policies and industry best practices
  • Knowledge of Auditing and Configuration frameworks such as ISO 17799, PCI, GLBA and HIPAA preferred
  • Understanding of OWASP and common exploitable cyber security threats
  • Understanding of common control systems such as firewalls, blacklists, ACLs and common network monitoring tools such as IDS/IPS
  • Understanding of wireless LAN protocols and various WLAN vulnerabilities and attacks
  • Consulting skills with an emphasis on client management, objection handling and a commitment to client success
  • Travel: Willing and able to travel to client sites up to 25%
  • Security Clearance Preferred
If you’ve reached this point, and you’re still not sure if you should apply…..Just do it! We’re human and we don’t fit a perfect mold. Having diverse backgrounds, experiences and perspectives, that’s a good thing! If you’re coming from outside of the cyber industry - great! If you’re looking to try something new - awesome! All we ask is you bring passion to all that you do, crave creativity and innovation, and embrace the hard work of gaining new skills and accepting big challenges.
The base salary range for this position is $106,000.00 - $141,333.33 USD.  Compensation for the role will depend on a number of factors, including the candidate's qualifications, skills, competencies, location and experience, and may fall outside of the range shown.   Employees are also eligible for variable compensation in addition to base pay (commission for sales roles, bonus for non-sales roles), depending on company and individual performance.  Tenable also offers a variety of comprehensive and competitive benefits which include: medical, dental, vision, disability and life insurance; 401(k) retirement savings with company match; an employee stock purchase plan; an employee referral program; flexible spending accounts; an Employee Assistance Program (EAP); education assistance; parental leave; paid time off (PTO); company-paid holidays; health and wellness events; and community programs.
We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.  If you need a reasonable accommodation due to a disability during the application or recruiting process, please contact Recruiting@Tenable.com for further assistance.


Abarca Health is hiring a Remote Security Engineer

What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare.  We built our company on the belief that with smarter technology we are redefining pharmacy benefits, but this is just the beginning…

Our Infrastructure Operations team is critical for success at Abarca Health. They handle the day in and day out of the entire architecture of our systems from data processing to server updates and stability. The Information Security team's focus is to monitor, detect, investigate and respond to events that could lead to incidents. They are involved in planning and implementing preventative security measures and oversee the security operations, which includes protecting IT infrastructure, networks, data, and edge devices and identifying any exploitation, whether accidental or intentional.

The Security Engineer is a key member of the security team, which is instrumental in ensuring the security of our cloud infrastructure and protection of our sensitive data: PHI & PII data, per our information security policy. In this role, you shall help identify security gaps and drive remediation activities to close those gaps. You’ll play an integral role in defining and assessing the organization's security strategy, architecture, and practices, and contribute to maturing the company's infrastructure security architecture and technology frameworks.

The fundamentals for the job…

  • Drive security related initiatives including but not limited to the creation and maintenance of security policies, implementation of security procedures and controls, and monitoring in conformance to the policy.
  • Deploy and manage applications to monitor cloud infrastructure security and intrusions.
  • Perform initial incident triage, determine scope, urgency, and potential impact of security incidents.
  • Provide guidance to external auditors on compliance and to Engineering teams on security measures.
  • Perform security gap assessments and implement remediations.
  • Run periodic infrastructure vulnerability scans and pen testing and work with engineering teams on identified vulnerabilities for resolution.
  • Collaborate with network and infrastructure teams on securing and best practices for all our Azure, IBM Cloud, and on premises environments, as well as OS hardening, access logging, and patching.
  • Own the overall cloud infrastructure security program including driving incident response and resolution and adjust procedures as applicable.
  • Monitor industry security updates, changes, technologies, emerging threats, and best practices for continuous improvement.

What we expect of you 

The bold requirements…

  • Bachelor’s Degree or Master’s Degree in Computer Science, Information Security, or a related area. (In lieu of a degree, equivalent relevant experience may be considered.)
  • 3+ years of experience in Infrastructure and Information Security.
  • 3+ years working on Azure or AWS running multiple production workloads.
  • Experience with OS hardening techniques for Windows environments.
  • Experience with access logging, centralized logging, and monitoring/alerting of security log events.
  • Experience with applications for monitoring infrastructure security and detecting intrusions.
  • Experience designing and implementing access control models for privileged access in fast-paced cloud environments.
  • Experience with incident response, threat modeling, and mitigation, as well as common information security management frameworks such as ISO27001.
  • Experience with Azure security best practices and security controls using Azure services (AWS experience will be considered).
  • Experience with common internet protocols such as DNS, DHCP, SMTP, LDAP, etc.
  • Excellent oral and written communication skills.
  • We are proud to offer a flexible hybrid work model which will require certain on-site work days (Puerto Rico Location Only)

Nice to haves…

  • Security-related certification such as CISSP, CCSP, CEH, CISM, etc.
  • Experience with HCI technology.
  • Experience with OS hardening techniques for Linux.

Physical requirements…

  • Must be able to access and navigate each department at the organization’s facilities.
  • Sedentary work that primarily involves sitting/standing.

At Abarca we value and celebrate diversity. Diversity, equity, inclusion, and belonging are guiding principles of Abarca and ensure Abarca’s workforce reflects the communities it serves.  We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify. “Applicant must be a United States citizen. Abarca Health LLC does not sponsor employment visas at this time.”

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.


Raftelis is hiring a Remote Cybersecurity Consultant

Company Description:

Raftelis helps local governments and utilities thrive by providing management consulting expertise to help transform local governments and utilities. We’ve helped more than 700 organizations in the last year alone. We work in all areas of management consulting including finance, assessment, communications, technology, executive recruitment, and strategic planning.

Job Summary:

Working within a cohesive team, the Cybersecurity Consultant will successfully lead and manage cybersecurity assessment and risk mitigation projects for Raftelis’ public sector clients (i.e., municipalities, utilities, local governments, etc.). Raftelis is committed to creating a new Cybersecurity service line to assist our clients. This position provides the opportunity to launch and grow a critical service within our industry.

Primary Responsibilities:

  • Help grow Raftelis’ Technology Solutions service line by assisting our municipal, local government, and utility clients assess and mitigate their information technology and cybersecurity risks
  • Lead and manage our cybersecurity assessment and risk mitigation projects
  • Review our clients’ business process and information security policies to identify risks and vulnerabilities present in the way they conduct operations
  • Analyze our clients’ technology resources to identify risks associated with hardware, software, networks, and operational technology
  • Help our clients understand how their staff interact with the data and systems within their organization
  • Identify security controls, awareness, and training that could be provided to our clients’ staff
  • Summarize and present findings to a variety of audiences including organizational leaders, business, and information technology staff
  • Lead our client’s IT network analysis as part of our IT strategic planning projects and perform penetration testing services
  • Lead and/or assist in Raftelis’ proposal and business development efforts
  • Advise on the firm’s internal cybersecurity posture
  • Build trusted relationships with both internal and external clients

Requirements:

  • Bachelor’s Degree in Cybersecurity, Information Technology, Computer Science, or related field
  • 5 plus years of cybersecurity analysis experience
  • Demonstrated ability to successfully manage multiple concurrent projects
  • Ability to present complex ideas in a clear and concise manner
  • Excellent writing, verbal, and presentation skills
  • Ability to travel within the United States

Studies have shown that women and people of color are less likely to apply for jobs unless they believe they can perform every job description task. We are most interested in finding the best candidate for the job, and that candidate may come from a less traditional background. We will consider any equivalent combination of knowledge, skills, education, and experience to meet minimum qualifications. If you are interested in applying, we encourage you to think broadly about your background and skill set for the role.

Rewards:

Working for a values-based organization focused on growth with an exceptional reputation in its industry, employees receive competitive compensation, generous bonus structure, and excellent benefits that include:

  • Company paid medical and dental benefits
  • Health Savings Account with company contributions
  • Medical and Dependent Care Flexible Spending Accounts
  • Vision Insurance
  • Company paid Life and Disability Insurance and Employee Assistance Program
  • Discretionary paid time off program and education reimbursement program
  • 401(k) with company contributions
  • This position is remote.

The salary range for this position is $80k to $150k. Compensation depends on location, education, and experience. Employees in this position may be eligible for an annual performance bonus in the range of up to 25% of compensation, depending on the firm’s yearly performance and the performance of the employee. Such bonuses are not guaranteed and are at the discretion of the firm.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. We use E-Verify. Raftelis is committed to providing equal employment opportunities. In keeping with our sincere belief in the dignity of each employee, it is our policy to prohibit harassment based on race, national origin, color, age, sex, marital status, domestic partner status, sexual preference, medical condition, disability, religion, or veteran status. To learn more about Raftelis and apply, please visit www.raftelis.com.

Raftelis is committed to providing reasonable accommodation for individuals with disabilities in employment. To request a reasonable accommodation to participate in the job application or interview process, contact Lisa Wilson, Director of Human Resources.


Databricks is hiring a Remote Senior Security Engineer (Incident Response)


Associate Security Engineer

Tenable, Remote, United States
Tags: azure, api, docker, python, AWS

Tenable is hiring a Remote Associate Security Engineer

Description

Who is Tenable?

Tenable® is the Exposure Management company. 40,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Our global employees support 60 percent of the Fortune 500, 40 percent of the Global 2000, and large government agencies. Come be part of our journey! 

What makes Tenable such a great place to work? 

Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together!

Your Role:

Tenable is currently seeking an Associate Security Sales Engineer to support product demos and evaluations of small and medium sized sales opportunities. The Associate Security Sales Engineer is responsible for identifying and matching technology opportunities with the customer’s business issues and objectives. Assist in developing business value propositions around Tenable products and solutions. Drives sales with technical expertise, account management skills, sales ability, and a superior customer focus. 

Your Opportunity:

  • Become a Cyber Exposure, Vulnerability and Risk Management Subject Matter Expert and advisor to some of the world’s largest organizations
  • Meet with prospective clients to discover what their biggest security challenges and highest priority business drivers are
  • Map Tenable’s unique business value and differentiators to their challenges and business drivers
  • Perform custom portfolio demonstrations based on strong discovery questions and real intel
  • Partner with like-minded peers across Tenable to build exceptionally strong teams and shared knowledge
  • Influence product directions, make a difference, and be part of Tenable’s growth and leadership in the ever faster moving world of cyber exposure

What You'll Need:

  • Prior experience working in a security related technical pre-sales role
  • Understanding how to craft a custom demo vs delivering a canned demo
  • Skill and confidence in leading discussions from a deep technical level to the executive level
  • A strong self-starter attitude and determination to win
  • Solid teamwork skills, teamwork is everything at Tenable
  • Solid Interpersonal “smarts”
  • Willingness to travel where and when needed within your territory, typically around 10% on average

And Ideally:

  • Experience with Nessus and/or other network security technologies
  • Solid foundational knowledge of TCP/IP and network security concepts
  • Experience with Enterprise class operating systems at the security admin level
  • Demonstrable experience with modern compute infrastructures such as AWS, Azure, GCP, etc.
  • Docker and DevOps knowledge, API scripting, Python SDK would be a ++
  • Knowledge of compliance standards (e.g., PCI, NIST, FISMA, SOX, NERC)
  • BS in Computer Science or a related field or equivalent experience (i.e. 4+ years of direct SE experience)
  • CISSP, GIAC, CEH, Security+ or other security-related certifications

If you’ve reached this point, and you’re still not sure if you should apply…..Just do it! We’re human and we don’t fit a perfect mold. Having diverse backgrounds, experiences and perspectives, that’s a good thing! If you’re coming from outside of the cyber industry - great! If you’re looking to try something new - awesome! All we ask is you bring passion to all that you do, crave creativity and innovation, and embrace the hard work of gaining new skills and accepting big challenges.

We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.

The base salary range for this position is $79,000.00 - $105,000.00 USD.  Compensation for the role will depend on a number of factors, including the candidate's qualifications, skills, competencies, location and experience, and may fall outside of the range shown.   Employees are also eligible for variable compensation in addition to base pay (commission for sales roles, bonus for non-sales roles), depending on company and individual performance.  Tenable also offers a variety of comprehensive and competitive benefits which include: medical, dental, vision, disability and life insurance; 401(k) retirement savings with company match; an employee stock purchase plan; an employee referral program; flexible spending accounts; an Employee Assistance Program (EAP); education assistance; parental leave; paid time off (PTO); company-paid holidays; health and wellness events; and community programs.


Brightspeed is hiring a Remote Engineer, Network Security

Job Description

We are looking for an Engineer, Network Security to join our growing team. In this role, you will report directly to the Manager, Network Security. This SME role entails safeguarding all networks, including internal, customer-facing, and Telecom networks. You will actively engage in day-to-day security engineering and operations, serving as a technical authority in network security and possessing a deep understanding of security architecture. You will collaborate closely with IT and Network, and also contribute to diverse projects, demonstrating strong interpersonal skills to cultivate inter-organizational relationships. Effective management of project activities, including milestones and timelines, is also expected.

The primary functions of the Network Security Team include:

  • Design, deploy, configure, and maintain Palo Alto firewalls
  • Manage and administer Azure and GCP firewalls
  • Conduct regular reviews and audits of firewall configurations
  • Design, implement, and maintain DDoS mitigation solutions
  • Management of network authentication technologies like RADIUS and TACACS+
  • Manage network protection technologies like IDS and Honeypots

This position requires a strong background and understanding of all network and cloud security domains and works in both the Protect and Respond areas of the NIST CSF Framework. You will be required to make strong cyber security decisions while using a business risk analysis approach. Brightspeed is a cloud-first (Azure, GCP, and SaaS) company with a significant data center presence. This model will require you to consider security across a diverse portfolio of assets and networks. Brightspeed is also in a Zero Trust journey, which means the individual should be able to execute a multi-year program while ensuring network security and moving along the maturity curve. 

As an Engineer, Network Security, your duties and responsibilities will include:

  • Design, implement, and lead the comprehensive enterprise cybersecurity network protection programs, leveraging advanced expertise in Palo Alto firewalls
  • Conduct thorough reviews and design meticulous firewall rules to ensure strict adherence to corporate security policies
  • Design, review, and execute robust network security solutions aimed at safeguarding the integrity of Brightspeed networks
  • Serve as the SME of the Network Security team, accountable for ensuring the overall security posture of Brightspeed networks. This includes spearheading device hardening initiatives, monitoring baseline configurations, meeting compliance standards, implementing security best practices, and overseeing remediation efforts.
  • Assume ownership of all network protection applications and platforms, overseeing their management, upgrades, configurations, changes, and support
  • Collaborate closely with the SOC and incident response teams to effectively resolve network security incidents
  • Document, implement, and maintain all network security devices to uphold robust security standards while developing and implementing appropriate strategies for information security policies, standards, and procedures
  • Engage proactively in organizational projects as needed, offering valuable insights and specialized expertise in network security domains
  • Demonstrate exceptional interpersonal skills, including strong verbal and written communication abilities, enabling effective collaboration with diverse stakeholders
  • Oversee the management of the enterprise's Network Security Systems, encompassing Firewalls (including cloud firewalls), DDOS mitigations, RADIUS, and TACACS+ authentication support
  • Participate in an on-call rotation to ensure 24/7 coverage of network security operations
  • Stay current on emerging cybersecurity threat landscape, vulnerabilities, and trends, and recommend proactive measures to enhance our security posture
  • Foster a culture of mentorship by guiding Network Security Analysts and actively participating in knowledge-sharing initiatives

Qualifications

WHAT IT TAKES TO CATCH OUR EYE:

  • Bachelor’s degree in Computer Science, Engineering, Cyber Security, or related field
  • Demonstrated expertise with firewall management and architecture spanning over 5+ years, with expertise in Palo Alto firewalls
  • Extensive background encompassing over 5+ years of hands-on experience in the Network Security field with versatility across various domains of network security
  • Proficiency in network security hardening methodologies
  • Experience in securing Office 365, Azure AD, and Email is essential
  • Proficiency with TACACS+, RADIUS, and DDOS mitigations
  • Ability to thrive in a fast-paced environment with multiple competing priorities
  • Meticulous attention to detail to ensure adherence to policies and standard procedures
  • Proven expertise in implementing security measures within GCP and Azure environments
  • Exceptional verbal and written communication skills
  • Proficient in TCP/IP routing and switching, as well as network design best practices
  • Experience in mitigating DDoS attacks, coupled with proficiency in DDoS attack defense, countermeasures, and packet analysis
  • Moderate understanding of BGP, OSPF, Switching topologies, and Cloud networking
  • Familiarity with zero-trust architectures is advantageous
  • Knowledge of incident response procedures is advantageous
  • Scripting experience is beneficial

BONUS POINTS FOR:

  • Palo Alto Networks Certified Network Security Engineer (PCNSE)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH)

 


26d

Sr. Manager Application Security

Skechers | Manhattan Beach, CA, Remote
scala, java, .net, angular, python, Node.js

Skechers is hiring a Remote Sr. Manager Application Security

Job Description

JOB PURPOSE-

The Sr. Manager, Application Security at Skechers is a key member of our global information security leadership team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers' critical customer-facing and core business applications. We are looking for someone who can help lead our practice and who appreciates that securing applications requires an end-to-end approach that accounts for the full development, integration, and operations lifecycle.

Skechers’ digital technology strategy demands an individual who is well versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and information security best practices. The candidate who will find the most success and fulfillment brings a genuine passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun. 

ESSENTIAL JOB RESULTS-

  • Lead the team and practice responsible for application and cloud security at Skechers
  • Remain accountable for the selection and maintenance of tools and technology which:
    • Help protect production applications, e.g. bot mitigation, code injection prevention, WAF, etc.
    • Support application risk assessment, secure code training, code review, etc.
    • Enable cloud security posture management, workload protection, and security monitoring
  • Collaborate with various groups in the global technology organization on the development of standards and best practice guidelines and procedures
  • Participate in the development of application security training plans and provide input on security awareness and secure coding initiatives
  • Proactively identify potential issues at various stages of the SDLC and provide input on issue avoidance
  • Work with development, cloud engineering, and devops teams to provide remediation guidance and perform post-remediation validation
  • Coordinate and manage periodic application audits and manual penetration tests
  • Plan and oversee internal and external security assessments and red team exercises
  • Stay up-to-date and informed on changing IT and information security trends
  • Create, communicate, and continuously monitor and improve metrics and KPIs
  • Manage vendor relationships for both technology and operations
  • Collaborate effectively with diverse internal teams to help drive security maturity
  • Contribute positively to the culture of information security across the org

ADDITIONAL RESPONSIBILITIES-

  • Other duties as assigned.

SUPERVISORY RESPONSIBILITIES-

  • Yes

Qualifications

JOB REQUIREMENTS-

  • Thorough understanding of common application security vulnerabilities and how to detect and fix them, including OWASP Top 10 and SANS CWE 25
  • Significant experience with application security testing including static and dynamic analysis techniques and web app pentesting
  • Understanding of general enterprise network and system components and their roles
  • Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
  • Experience with programming and scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, etc.
  • Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
  • Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
  • Ability to communicate issues effectively to both technical and non-technical audiences
  • Excellent written and oral communication skills
  • Strong work ethic with attention to detail
  • Ability to excel in a fast paced and rapidly changing environment

EDUCATION AND EXPERIENCE-

  • 5+ years of experience in an application development and/or information security role
  • 5+ years of management experience
  • Proven ability to mentor, grow, and develop a team
  • Experience programming as part of an enterprise development team a plus
  • GIAC, (ISC)2, or Offensive Security Certification a plus

ADDITIONAL QUALIFICATIONS-

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.

PHYSICAL DEMANDS-

While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel; and talk or hear. The employee is frequently required to walk, sit, reach with hands and arms, stoop, and kneel. The employee is occasionally required to sit for long periods of time.


Synack is hiring a Remote Security Analyst (Part-Time, Temporary)

Job Application for Security Analyst (Part-Time, Temporary) at Synack


28d

Senior Application Security Engineer

NEAR | Remote - North America
Design, mobile, java, c++, linux, python

NEAR is hiring a Remote Senior Application Security Engineer

About Pagoda

Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

About The Role

Pagoda’s growing security team is looking for an experienced Senior Application Security Engineer to focus on the advancement of modern application security practices and partner closely with our engineering and product teams to provide security recommendations and identify security issues throughout the software development lifecycle. This includes secure design reviews, threat modeling, secure code review, and penetration testing.

This team member will be responsible for the security and integrity of our applications, possessing a deep understanding of software vulnerabilities and the ability to develop effective security solutions. This role requires a strong technical background, excellent problem-solving skills, and the ability to collaborate with cross-functional teams to implement robust security measures.

What You'll Be Doing

  • Support the Pagoda Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
  • Collaborate and advise engineering teams on application security best practices and vulnerability remediation
  • Perform deep-dive security reviews to ensure all Pagoda products and services follow secure design principles across our product portfolio (web, mobile, and APIs)
  • Create and deliver hands-on software security training to engineering teams to increase security awareness
  • Participate in on-call rotation to support engineering teams during incidents
  • Role activities:
    • Manual source code review
    • Ad hoc Pen Testing
    • WebApp/dApp PenTesting
    • Secure program design and implementation review
    • Threat modeling
    • Continuous secure assurance activities
    • Risk identification and categorization / management
    • Engineering education and engagement
    • Ownership of internal SAST/DAST toolset[s]

What We're Looking For

  • 8+ years of experience in application security 
  • Has set up or helped guide the creation of an Application Security program from scratch.
  • Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
  • Familiarity with modern SAST/DAST tooling.  Snyk and Stackhawk are important.
  • Ability to review and dissect a Bug Bounty submission.  Craft a fix and work with appropriate teams to implement
  • Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
  • Familiarity with and ability to understand business objectives, business context, and security risk
  • Proven ability to communicate effectively with developers

We'd Love If You Have

  • A passion for security and Web3
  • Strong Linux skills
  • Experience in building lasting connections with development teams
  • Experience in a startup environment
  • Professional certifications e.g. CISSP  
  • Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)

Here’s What Our Interview Process Looks Like

Our interviews take place via Zoom and typically consist of the following stages:

  • Recruiter Call
  • Hiring Manager Call
  • 1st Round
    • Bug Bounty Interview
    • Technical Assessment with Engineering 
  • Final Round
    • Meet with CTO
    • Pagoda Values Interview

Compensation

The base salary range for this role is $176,000 to $200,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.

The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, there are other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process. 


Benefits & Perks

  • Encouraged 20 days of flexible PTO per year, plus your local holidays
  • Wellness weeks – 2 weeks of paid company-wide closures 
  • 100% Paid medical, dental and vision, AD&D and life insurance for US employees, including 85% coverage for dependents, and HSA + FSA options; For non-US employees, 100% Paid private medical coverage available at the highest tiered plan
  • Access to licensed therapists and mental health resources through Spill, 100% confidential and paid by Pagoda; plus $75 monthly reimbursement for wellness
  • Generous parental leave options; All employees have access to $10,000 in fertility assistance through Carrot
  • For US employees, 401(k) retirement plan available (no match)
  • Annual company retreats and team offsites (2023 was in Spain; 2022 in Portugal)
  • $2,000 Continued Education Reimbursement
  • $2,000 Home Office Reimbursement  
  • Co-working Space Reimbursement

Our Values at Pagoda

Our values express our company culture. Learn more on our careers page.

Pagoda is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.


Samsara is hiring a Remote Senior Security Engineer I

Who we are

Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy. Representing more than 40% of global GDP, these industries are the infrastructure of our planet, including agriculture, construction, field services, transportation, and manufacturing — and we are excited to help digitally transform their operations at scale.

Working at Samsara means you’ll help define the future of physical operations and be on a team that’s shaping an exciting array of product solutions, including Video-Based Safety, Vehicle Telematics, Apps and Driver Workflows, Equipment Monitoring, and Site Visibility. As part of a recently public company, you’ll have the autonomy and support to make an impact as we build for the long term. 

Recent awards we’ve won include:

Glassdoor's Best Places to Work 2024

Best Places to Work by Built In 2024

Great Place To Work Certified™ 2023

Fast Company's Best Workplaces for Innovators 2023

Financial Times The Americas’ Fastest Growing Companies 2023

We see a profound opportunity for data to improve the safety, efficiency, and sustainability of operations, and hope you consider joining us on this exciting journey. 

Click here to learn more about Samsara's cultural philosophy.

About the role:

The Senior Security Engineer - Enterprise Security is responsible for building, operating, and maintaining Samsara’s core security infrastructure. Reporting to the Manager of Enterprise Security, you will collaborate with a global team of engineers to build a world-class security engineering program utilizing modern principles across corporate and product infrastructure.

You take security seriously and strive to build low-friction solutions developed in close partnership with others. You are passionate about building automation and helping to drive insights around potentially malicious activity within production environments. You will use your familiarity with a diverse set of technologies and practices to build a leading program in our industry.

You should apply if:

  • You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
  • You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
  • You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
  • You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

In this role, you will: 

  • Contribute to the development, deployment, and management of Samsara’s enterprise security program, including endpoint detection and response, vulnerability management, device trust, and SaaS posture management.
  • Be responsible for one or more key security systems or processes, working directly with stakeholders and vendors to ensure seamless integration and operation.
  • Write documentation and runbooks around key enterprise security needs.
  • Collaborate with Security Operations to provide subject matter expertise around security investigations and incident management.
  • Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices

Minimum requirements for the role:

  • Significant (4+ years) experience working in enterprise security in the technology sector with demonstrated impact and career progression
  • Deep subject matter expertise within enterprise security, such as extensive experience managing endpoint security toolsets, device trust efforts, email security tooling, secure access service edge delivery, or SaaS posture and security
  • Proven history of planning and delivering high-impact, complex projects with clarity and independence
  • Willingness to collaborate and mentor more junior team members and cross-functional partners, including via documentation writing, code pairing, and other activities.

An ideal candidate also has:

  • Experience building out security programs using modern SaaS platforms such as Zscaler, Crowdstrike, Wiz, Splunk, and other tools.
  • Experience with securing common SaaS productivity tools such as Google Workspace, Slack, and Atlassian products in an enterprise environment.

Samsara’s Compensation Philosophy: Samsara’s compensation program is designed to deliver Total Direct Compensation (based on role, level, and geography) that is at or above market. We do this through our base salary + bonus/variable + restricted stock unit awards (RSUs) for eligible roles. For eligible roles, a new hire RSU award may be awarded at the time of hire, and additional RSU refresh grants may be awarded annually.

We pay for performance, and top performers in eligible roles may receive above-market equity refresh awards which allow employees to achieve higher market positioning.

The range of annual base salary for full-time employees for this position is below. Please note that base pay offered may vary depending on factors including your city of residence, job-related knowledge, skills, and experience.
$135,482 to $227,700 USD

At Samsara, we welcome everyone regardless of their background. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, protected veteran status, disability, age, and other characteristics protected by law. We depend on the unique approaches of our team members to help us solve complex problems. We are committed to increasing diversity across our team and ensuring that Samsara is a place where people from all backgrounds can make an impact.

Benefits

Full time employees receive a competitive total compensation package along with employee-led remote and flexible working, health benefits, Samsara for Good charity fund, and much, much more. Take a look at our Benefits site to learn more.

Accommodations 

Samsara is an inclusive work environment, and we are committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email accessibleinterviewing@samsara.com or click here if you require any reasonable accommodations throughout the recruiting process.

Flexible Working 

At Samsara, we embrace a flexible working model that caters to the diverse needs of our teams. Our offices are open for those who prefer to work in-person and we also support remote work where it aligns with our operational requirements. For certain positions, being close to one of our offices or within a specific geographic area is important to facilitate collaboration, access to resources, or alignment with our service regions. In these cases, the job description will clearly indicate any working location requirements. Our goal is to ensure that all members of our team can contribute effectively, whether they are working on-site, in a hybrid model, or fully remotely. All offers of employment are contingent upon an individual’s ability to secure and maintain the legal right to work at the company and in the specified work location, if applicable.

Fraudulent Employment Offers

Samsara is aware of scams involving fake job interviews and offers. Please know we do not charge fees to applicants at any stage of the hiring process. Official communication about your application will only come from emails ending in ‘@samsara.com’ or ‘@us-greenhouse-mail.io’. For more information regarding fraudulent employment offers, please visit our blog post here.

29d

Offensive Security Engineer

Square | San Francisco, CA, Remote
azure, ruby, linux, python, AWS

Square is hiring a Remote Offensive Security Engineer

Job Description

Block’s Offensive Security team is seeking a highly skilled and motivated Senior Offensive Security Engineer to join our team. In this role, you will play a critical role in proactively identifying and exploiting vulnerabilities within our systems and infrastructure, mimicking real-world attacker tactics. Your insights will be used to improve our overall security posture and ensure we stay ahead of evolving threats.

You will:

  • Lead and execute complex Red Team engagements, simulating real-world attacker scenarios to uncover critical vulnerabilities across our network and applications.
  • Identify, research, and exploit various vulnerabilities (including zero-days) to gain unauthorized access to systems and data.
  • Develop custom tools, scripts, and exploit code.
  • Document findings in a clear, concise, and actionable manner, including detailed reports with working proofs of concept and recommendations for remediation.
  • Collaborate with the Blue Team and security leadership to prioritize vulnerabilities, develop mitigation strategies, and improve overall security posture.
  • Participate in knowledge sharing by mentoring junior team members and presenting findings, including opportunities to present at external conferences.

Qualifications

You have:

  • Minimum 5+ years of experience in offensive security engagements.
  • Proven experience leading and executing Red Team engagements.
  • Expertise in various operating systems (Mac, Linux, etc.) and scripting languages (Python, Ruby, etc.).
  • Experience with exploit development and post-exploitation techniques.
  • Excellent communication, collaboration, and problem-solving skills.
  • Ability to work independently and manage multiple projects simultaneously.
  • Strong understanding of the threat landscape and attacker motivations.

Bonus points for:

  • Experience with responsible disclosure and publicly reported CVEs.
  • Experience in a cloud environment (AWS, Azure, GCP).
  • Experience in using C2s and developing and deploying custom C2 and implants.


29d

Senior Product Security Engineer

Qlik | Hybrid Remote, Paris la Defense, France

Qlik is hiring a Remote Senior Product Security Engineer

Description

What makes us Qlik? 

  

A Gartner® Magic Quadrant™ Leader for 13 years in a row, Qlik transforms complex data landscapes into actionable insights, driving strategic business outcomes. Serving over 40,000 global customers, our portfolio leverages pervasive data quality and advanced AI/ML capabilities that lead to better decisions, faster.

  

We excel in integration and governance solutions that work with diverse data sources, and our real-time analytics uncover hidden patterns, empowering teams to address complex challenges and seize new opportunities. 

  

The Senior Product Security Engineer Role

  

Join our Security team and take charge of delivering the status of features and products. Independently plan, execute, and thoroughly document Penetration Tests adhering to industry best practices. 

  

Your role involves promoting and inspiring software security best practices, actively assisting stakeholders in developing features with security at the forefront, and creating comprehensive threat models for proposed features. 

  

What makes this role interesting? 

  

Autonomy and Impact: Work independently to plan and execute penetration tests, showcasing your expertise in identifying vulnerabilities and providing effective solutions.

Championing Security Best Practices: Inspire and promote software security best practices and guidelines, contributing to a culture of security awareness and excellence.

Collaborative Security Measures: Collaborate with stakeholders, assisting in the design, development, and testing of features with a strong focus on software security.

Proactive Threat Modelling: Produce threat models against proposed features, offering valuable insights and suggesting defensive countermeasures.

  

Here’s how you’ll be making an impact: 

  

Vulnerability Resolution: Work with third parties to replicate reported security vulnerabilities, collaborating with R&D teams to develop and implement fixes.

Automated Vulnerability Assessment: Verify results from automated vulnerability assessment tools, ensuring accurate identification of vulnerabilities and minimizing false positives.

Manual Penetration Testing: Perform manual penetration tests using a combination of manual methods and automated tools to ensure a thorough security evaluation.

Developer Training: Coach and train developers on best security practices, creating and delivering engaging training content when necessary.

  

We’re looking for a teammate with: 

  

  • Strong experience with the OWASP testing guide, showcasing your proficiency in understanding and implementing industry-standard security practices.
  • Familiarity with multiple web frameworks and technologies, including JavaScript, XML, SOAP, and JSON.
  • Proven experience in creating detailed penetration test reports tailored for both company executives and developers, including prioritization and mitigation advice.

  

The location for this role is:

  

France 

  

Join us in enhancing security practices and driving impactful measures. If you're passionate about securing software and enjoy autonomy in executing penetration tests, we would love for you to apply.

  

  

More about Qlik and who we are: 

  

Find out more about life at Qlik on social: Instagram, LinkedIn, YouTube, and X/Twitter, and to see all other opportunities to join us and our values, check out our Careers Page.

  

What else do we offer? 

  

  • Genuine career progression pathways and mentoring programs
  • Culture of innovation, technology, collaboration, and openness
  • Flexible, diverse, and international work environment

  

Giving back is a huge part of our culture. Alongside an extra “change the world” day plus another for personal development, we also highly encourage participation in our Corporate Responsibility Employee Programs.

  

  

If you need assistance applying for a role due to a disability, please submit your request via [email protected]. Any information you provide will be treated according to Qlik’s Recruitment Privacy Notice. Qlik may only respond to emails related to accommodation requests.

  

Qlik is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Qlik via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Qlik. No fee will be paid in the event the candidate is hired by Qlik as a result of the referral or through other means.

 
 


Fastly is hiring a Remote Staff Security Engineer - Detection and Response

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including Vimeo, Pinterest, The New York Times, and GitHub.

We're building a more trustworthy Internet. Come join us.

As a Staff Security Engineer on our Detection and Response team, you will help detect and respond to threats for one of the biggest online platforms in the world that handles massive amounts of traffic at very low latency.

We are looking for a teammate who has expertise in both security engineering and operations and who values the complement between the two. You will have the opportunity to build and integrate tooling and detections, as well as investigate threats and lead incidents. As part of the larger Security organization, we make risk-informed decisions and prioritize automations to help us scale. As the lead engineer on our team, you will design, build, and mature our detection and response program, enabling rapid detection and effective response to threats against Fastly. You will lead large, complex, cross-team projects and mentor other security engineers on our growing team.

What You'll Do:

  • Lead the design and implementation of a robust Detection Engineering program
  • Develop detections and other analytics to identify threats across cloud, corporate, and edge environments
  • Partner closely with Engineering, Security Architecture, Risk Management, Compliance, and other teams to prioritize detections and delivery of other security initiatives
  • Triage and investigate security threats and lead security incidents
  • Research, evaluate, implement, and maintain a variety of custom and commercial security tools, such as Endpoint Detection and Response (EDR), anti-phishing, and Security Information and Event Monitoring (SIEM)
  • Develop strategies, frameworks, designs, automations, metrics, and processes to support the maturity of the Detection and Response program
  • Develop and maintain incident response playbooks and other detection and response documentation
  • Conduct threat hunts to discover unknown malicious activity across our environment
  • Participate in our on-call rotations
  • Mentor other team members and contribute to larger Security initiatives

What We're Looking For: 

At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess most of the following and an interest in learning more about the rest:

  • Expertise in utilizing Splunk to include investigating threats, developing metrics and dashboards, normalizing data feeds, and integrating with other tools
  • Strong understanding of attacker tactics, techniques, and procedures (TTPs) and investigating advanced threats
  • Experience in implementing “Detection as Code”
  • Experience in securing, developing detections, and responding to incidents in one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP)
  • Experience in effectively leading large and complex security incidents from detection to remediation
  • Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSF
  • Proficiency in one or more general purpose programming languages such as Python, Ruby, Go, or Rust
  • Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation

We’ll be super impressed if you have experience in any of these: 

  • Built a Detection Engineering pipeline
  • Built and led threat hunts
  • Published research on detection engineering or threat intelligence
  • Developed automations to improve security operations
  • Familiarity with content delivery networks (CDN), edge cloud platforms, or other Fastly products and services

Work Hours:

  • This position will require you to be available during core business hours. 

Work Locations & Travel Requirements: 

This position is open to both hybrid and remote. 

The preferred locations for this position are:

  • San Francisco, CA
  • Los Angeles, CA
  • Denver, CO
  • New York City, NY 

Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.  

We are willing to consider remote candidates in US (Remote).

This position may require travel as required by your role or requested by your manager.

Salary: 

The estimated salary range for this position is $167,790 to $209,740.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits: 

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings? 

We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a non-accrual vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2024, we offer 10 paid local holidays, 11 paid company wellness days. 

Why Fastly?

  • We have a huge impact. Fastly is a small company with a big reach. Not only do our customers have a tremendous user base, but we also support a growing number of open source projects and initiatives. Outside of code, employees are encouraged to share causes close to their heart with others so we can help lend a supportive hand.

  • We love distributed teams. Fastly’s home-base is in San Francisco, but we have multiple offices and employees sprinkled around the globe. As a new hire, you will be able to attend our IN-PERSON new hire orientation in our San Francisco office! It is an exciting week-long experience that we offer to new employees to build connections with colleagues across Fastly, participate in hands-on learning opportunities, and immerse yourself in our culture firsthand. 

  • We value diversity. Growing and maintaining our inclusive and diverse team matters to us. We are committed to being a company where our employees feel comfortable bringing their authentic selves to work and have the ability to be successful -- every day.

  • We are passionate. Fastly is chock full of passionate people and we’re not ‘one size fits all’. Fastly employs authors, pilots, skiers, parents (of humans and animals), makeup geeks, coffee connoisseurs, and more. We love employees for who they are and what they are passionate about.

We’re always looking for humble, sharp, and creative folks to join the Fastly team. If you think you might be a fit please apply! A fully completed application and resume or CV are required when applying.

Fastly is committed to ensuring equal employment opportunity and to providing employees with a safe and welcoming work environment free of discrimination and harassment. Our employment decisions are based on business needs, job requirements and individual qualifications. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, family or parental status, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.

Consistent with the Americans with Disabilities Act (ADA) and federal or state disability laws, Fastly will provide reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact your Recruiter, or the Fastly Employee Relations team at candidateaccommodations@fastly.com or 501-287-4901.

Fastly collects and processes personal data submitted by job applicants in accordance with our Privacy Policy. Please see our privacy notice for job applicants.


FanDuel is hiring a Remote Senior Cloud Security Engineer

Date posted: 2024-03-13

ABOUT FANDUEL

FanDuel Group (“FanDuel”) is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.

FanDuel has a presence across all 50 states with approximately 17 million customers and 28 retail locations. FanDuel is based in New York with offices in New Jersey, Georgia, California, Oregon, Canada and Scotland.

Its networks FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer over-the-top platforms.

FanDuel Group is a subsidiary of Flutter Entertainment plc, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and traded on the New York Stock Exchange (NYSE: FLUT).

THE ROSTER…

At FanDuel, we give fans a new and innovative way to interact with their favorite games, sports and teams. We’re dedicated to building a winning team and we pride ourselves on being able to make every moment mean more, especially when it comes to your career. So, what does “winning” look like at FanDuel? It’s recognition for your hard-earned results, a culture that brings out your best work—and a roster full of talented coworkers. Make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From creative professionals to cutting edge technology innovators, FanDuel offers a wide range of career opportunities, best in class benefits, and the tools to explore and grow into your best selves. At FanDuel, our principle of “We Are One Team” runs through all our offices across the globe, and you can expect to be a part of an exciting company with many opportunities to grow and be successful.

THE POSITION
Our roster has an opening with your name on it

We are looking for a skilled and accomplished Cloud Security Engineer to join our Software Security Team. In this role, you will be responsible for executing a comprehensive Cloud Security strategy, mentoring and advising diverse teams across the organization, and implementing secure by default principles across FanDuel. This role offers an excellent opportunity for you to apply your expertise in cloud security, ensuring the protection and integrity of our cloud-based infrastructure.

THE GAME PLAN
Everyone on our team has a part to play

  • Act as a subject matter expert on public cloud security and cloud native security within the CyberSecurity Department and across the organization.
  • Provide expertise in public cloud security for initiatives related to detection & response, vulnerability management, and compliance.
  • Perform security assessments of cloud infrastructure, identify potential threat vectors, and recommend mitigation strategies to prevent disruptions and data breaches.
  • Collaborate with technology stakeholders to establish security metrics that demonstrate proficiency across various technology teams operating in the cloud.
  • Own and deliver automation tools to enhance application security in the cloud, facilitating faster and more accessible security enhancements.
  • Lead the implementation of security solutions integrated into the Secure Development Lifecycle (SDL) for cloud-based infrastructure and applications.
  • Document processes associated with critical cloud systems for compliance and auditing purposes.
  • Work closely with development and operations teams to define and enforce cloud application security standards and best practices.
  • Take on additional responsibilities as needed to maintain and improve cloud security across the organization.

THE STATS
What we’re looking for in our next teammate

  • Expertise in cloud architecture and design, including the ability to design highly secure and scalable cloud environments.


h2o.ai is hiring a Remote Information Security Engineer


Newsela is hiring a Remote Senior Product Security Engineer

The role: 

  • As a Product Security Engineer at Newsela, you will play a pivotal role in ensuring the security of our SaaS products by designing and implementing security controls to protect sensitive data and prevent unauthorized access.
  • Ensure compliance with relevant security standards, regulations, and industry certifications (e.g., SOC2, GDPR, HIPAA), while managing requirements gathering and remediation efforts for SOC2 and other security audits.
  • Develop security-related documentation, such as policies, procedures, and control mappings, while participating in risk assessments and compliance reviews to identify areas for improvement.
  • Champion security awareness and adherence to secure coding practices among development teams and provide guidance and support to internal stakeholders on security best practices and compliance requirements.
  • You will work closely with our engineering teams to build advanced detection solutions to help keep systems and information safe and partner closely with our Legal team to conduct complex investigations.
  • Collaborate with internal stakeholders and external partners, including vendors and customers, to respond to RFPs about product security and compliance.
  • Lead investigations into security incidents by conducting root cause analysis and implementing corrective actions to prevent recurrence.
  • Implement security controls and remediation activities to mitigate identified risks and vulnerabilities.
  • Monitor and track compliance with security policies and standards, and report on findings to relevant stakeholders.

 

Why you’ll love this role:

  • You’ll be part of an organization solving real challenges in K-12 education, and your role will directly impact Newsela’s product security. 
  • Your work will shape the future of Newsela’s security practices for our products, which are loved by teachers nationwide, and you’ll work to protect sensitive data and prevent unauthorized access for our customers, teachers and students.
  • Your expertise in identifying and mitigating security risks will be essential in safeguarding our customers' data and ensuring compliance with industry standards and regulations.
  • You will empower our developers to securely introduce new features.
  • You will lead investigations into security incidents, conducting root cause analysis and implementing corrective actions to prevent recurrence.

Why you’re a great fit:

  • 3+ years of experience as a Product Security Analyst, Product Security Engineer, or Security Engineer with proven experience in product security engineering and a focus on SaaS applications.
  • Bachelor's degree in Computer Science, Information Security, or related field. Advanced degree or relevant certifications (e.g., CISSP, CISM, CSSLP) preferred.
  • Experience working with vendors and customers to respond to RFPs about product security and compliance, and experience working in partnership with Software Development and Legal teams for security compliance.
  • Experience with requirements and remediation for SOC2 and other security audits for software as a service.
  • Demonstrated coding ability in Python and familiarity with cloud computing platforms (e.g., AWS, Azure, GCP), and associated security controls.
  • Strong understanding of web application security concepts, including authentication, authorization, encryption, and secure coding practices.
  • Hands-on experience with security tools and technologies, such as vulnerability scanners, penetration testing tools, and SIEM solutions.
  • Strong analytical and problem-solving abilities, with a keen attention to detail and a proactive approach to security challenges.
  • Proven capacity to assess system security, discern patterns, and delve into intricate issues.
  • Proficiency in making data-driven, risk-based decisions.
  • Results-driven approach with exceptional interpersonal and communication abilities to effectively engage with technical and non-technical stakeholders.
  • Strong empathy towards our customers, including internal developers.

Base Compensation: $120,000 - $136,000. Total compensation for this role also includes incentive stock options and benefits. This compensation range may be adjusted based on actual experience.


BlueVoyant is hiring a Remote Splunk Security Engineer


Application Security Engineer

EcoVadis, Warsaw, Poland, Remote
Design, azure, java, c++, linux, python, AWS, javascript

EcoVadis is hiring a Remote Application Security Engineer

Job Description

Our IT Security team is looking for an Application Security Engineer to help our effort in protecting our corporate products and services, our internal solutions and the data managed by EcoVadis. 

You will be part of the team that collaborates in all areas of our Secure Software Development Lifecycle (SSDLC), with a predominant focus on enhancing the security of our code, ensuring that our developers follow the best practices to avoid vulnerabilities, promote automation inside the SSDLC, and collaborate with the team in executing different tests and reviews with a technical approach.

You will have the opportunity to make a significant impact and contribute to the overall success of our company.

This role will include the following responsibilities:

  • Integrate SAST into SDLC:
    • Perform and maintain code analysis using one of industry-recognized SAST tools;
    • Exhibit knowledge and ability to integrate code scanning into the SSDLC (e.g. understand the basics of the code life-cycle and CI/CD platforms);
    • Understand the code to find and fix flaws that developers may have missed and help in the identification of false positives;
    • Help the engineering teams fix security issues, and mentor them to improve their security expertise.
  • Conduct web application penetration tests:
    • Perform manual and automated application vulnerability assessments, document identified vulnerabilities and provide recommendations for remediation;
    • Exhibit knowledge and ability to perform industry standard web application penetration testing methods, including OWASP guides;
    • Plan and create penetration methods, scripts and tests, as well as to simulate security breaches in a secure manner.
  • General Security Engineer responsibilities:
    • Ability to analyze security issues (both white-box and black-box), determine their cause and impact to the business, and identify the corrective action needed to eliminate them and prevent them from recurring in the future;
    • Work with IT Security team members and the development teams to design mitigation strategies for identified weaknesses, including the prioritization and contextualization of vulnerabilities;
    • Contribute to and help to further develop application security frameworks and standards;
    • Present your findings, risks and conclusions to different stakeholders (technical and non-technical);
    • Assist with other organization security projects and tasks as required;
    • Support the development and growth of Application Security practices and tools in the company;
    • Drive the efforts to automate operational security.

Qualifications

  • A minimum of 3 years of professional experience in application security, penetration testing, or static code analysis;
  • Proven track record of conducting successful penetration tests and security assessments on web applications or other software systems;
  • Strong experience with static and dynamic code analysis tools and techniques, including code review and identifying code-level vulnerabilities;
  • Familiarity with DevSecOps practices and integrating security into CI/CD pipelines;
  • Experience with tools and frameworks commonly used in application security testing, such as Burp Suite, Kali Linux, Metasploit, etc.;
  • Familiarity with various programming languages (e.g., C#, Python, JavaScript, Java) and ability to understand and review code for security vulnerabilities;
  • Proficiency in identifying, exploiting, and mitigating common security vulnerabilities (e.g., OWASP Top Ten) in web applications and APIs;
  • Understanding of network protocols, operating systems, and databases, and their security implications;
  • Basic knowledge of cloud security concepts and best practices (e.g., AWS, Azure, Google Cloud);
  • Understanding of cryptography principles and secure authentication and authorization mechanisms;
  • Ability to work independently;
  • Ability to conduct research about areas unknown to him/her, and use that knowledge to deliver security guidelines and propose improvements;
  • Open to work in an international, multilingual environment;
  • Proficient in English (oral and written);
  • Professional certification (e.g. OSCP or OSWE) is a plus;
  • Hands-on experience with Google Workspace is a plus.



Other job subscriptions you might be interested in