Senior Security Engineer
Job Description
We are looking for a Senior Security Engineer to take significant ownership and provide experienced insight into our security program at Super.com. In this role you will be accountable for helping to define and achieve our security objectives, take ownership over existing security processes, and individually implement new solutions to difficult security challenges. You’ll operate with significant autonomy to identify opportunities, drive DevSecOps initiatives, and implement solutions that leverage technology and automation to scale.
Responsibilities
“Be an Owner” of security engineering across the company and ensure we identify and mitigate risks early in the development lifecycle.
Leverage your experience while providing strategic insights to company security roadmap planning
Drive DevSecOps and other security initiatives from ideation through design, implementation (including coding), deployment, operation, and evangelization.
Act as a trusted point of contact for security questions and issues, particularly as a point of escalation during security-related incidents.
Provide security insights to cross-team technical meetings and discussions, identifying opportunities to improve security processes and engineering productivity
Interact with external parties on Super.com’s behalf during vendor selection/negotiation, external audits, contract work such as pen-tests, and bug bounty program communications
Champion Super.com’s values, helping the company view core values from a security perspective
Job Requirements
5+ years experience in a full-time security role with a broad range of responsibilities
1+ year experience working as a software developer, or a relevant education background such as Computer Science indicating experience and comfort with software engineering
Able to write python scripts
Experience working with product management, engineers, IT, and non-technical business staff
Experience framing security problems in business language and building support for security initiatives
Has implemented shift-left security tools and methods such as SAST, DAST, SCA, Container Security, and DevSecOps initiatives with a focus on CI pipeline integration
Has proactively achieved on a broad range of security initiatives, spanning infrastructure security, application security, and implementing business controls/policies in the context of modern web applications
Experienced working with AWS, Terraform, Kubernetes, Linux, and generally popular security tools
