Security Engineer

About the role

We are seeking a Security Engineer to join our growing security team. We are creating more services that use AI technology to generate tremendous value for the world, and with the incredible speed of our customer growth, we need experienced and intelligent talent to strengthen cybersecurity across various stages of product development and collaborate with software development teams. You will also be responsible for information security and integration work within the group.

Responsibilities

• Design and implement secure CI/CD pipelines with automated security checks integrated into development workflows
• Establish and maintain security scanning tools, including SAST, DAST, dependency scanning, and more
• Develop Policy as Code solutions to enable automated compliance checks
• Establish and drive secure software development lifecycle processes, ensuring security is considered at every development stage
• Define security requirements analysis and threat modeling standards to identify potential security risks during the design phase
• Integrate Static Application Security Testing (SAST) into development IDEs and CI/CD processes
• Conduct pre-production security assessments and penetration testing
• Create security deployment checklists and production environment security monitoring
• Implement security best practices for Infrastructure as Code (IaC)
• Set up and maintain security monitoring, log aggregation, and alerting systems
• Perform vulnerability assessments and penetration testing

About you

[Minimum qualifications]

• Minimum 3 years of experience in cybersecurity field, DevOps or software development
• Knowledge of the SSDLC
• Extensive experience in software product engineering, deployment, and integration
• Ability to evaluate product performance metrics, as well as diagnose and resolve issues
• Ability to keep up with advancements in the field of technical product development
• Exceptional communication and interpersonal skills

[Preferred qualifications]

• BS/MS in computer science
• Hold relevant security certifications (CISSP, CCSP, SSCP, CSSLP, CC, CISM, CEH, etc.)
• Experience in compliance management (ISO 27001, SOC2)
• Blue team experience, including SOC operations or threat hunting
• Experience participating in red-blue team exercises or competitions
• Experience in SSDLC process design and implementation
• Familiar with security integration in agile development environments
• Strong English reading and communication skills

#LI-CS1