Cybersecurity Trust by Design Senior Engineer

Company: AstraZeneca
Location: Gaithersburg, MD, USA
Salary: $126906 – $190360
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Bachelor’s Degree
  • Minimum 6+ years of relevant experience
  • Proven experience in the system development lifecycle (SDLC), software/product development, or software security
  • Deep understanding of security principles, threat modeling, and risk management
  • Expertise in security frameworks, security tooling, and secure coding practices
  • Strong experience in building and maintaining security architectures and reusable security design patterns
  • Hands-on experience with tools and technologies for vulnerability scanning, penetration testing, and security automation
  • Excellent problem-solving skills and the ability to think critically about security threats and mitigation strategies
  • Strong communication skills, with the ability to successfully communicate with technical and non-technical collaborators.

Responsibilities

  • Work with product development teams to integrate security into each phase of the SDLC, ensuring security is a primary consideration from design to deployment.
  • Identify and assess potential security risks and vulnerabilities within the system architecture, product design, and enterprise systems. Lead threat modeling exercises to proactively detect risks early in the development lifecycle.
  • Develop and enforce security-focused architecture and design patterns to improve system resilience and security across products and services. Build reusable, scalable security controls that are adaptable to various development teams.
  • Use a deep understanding of attack patterns, techniques, tactics, and procedures (TTPs) to identify security gaps and build compensating and mitigating controls that bolster trust and resilience across enterprise systems and applications.
  • Hands-on experience in implementing OWASP’s recommended secure coding patterns, ensuring that security standard methodologies are embedded into the software development process and aligned with industry standards.
  • Collaborate with engineering teams to implement automated security testing and monitoring solutions that promote early detection of threats and improve system resilience.
  • Work closely with engineering, DevOps, and other collaborators to promote security standard processes and drive a security-first culture across the organization. Provide mentorship and support to other teams on secure coding practices, vulnerability management, and compliance requirements.
  • Assist in security incident investigations and contribute to developing remediation strategies that prevent similar incidents in the future.
  • Stay up-to-date with industry trends and emerging security technologies. Share knowledge and contribute to continuous improvements in security processes, tools, and frameworks.

Preferred Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience)
  • Deep understanding of attack patterns, techniques, tactics, and procedures (TTPs) and experience developing compensating and mitigating controls to enhance trust and resilience in products and enterprise systems
  • Extensive hands-on experience with OWASP recommended security patterns and standard processes
  • Experience with cloud environments (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes)
  • Certifications such as CISSP, CISM, CEH, or similar
  • Familiarity with regulatory frameworks (GDPR, HIPAA, PCI DSS) and industry standard processes
  • Experience working in agile or DevOps environments