Essential Job Duties & Responsibilities
- Lead, participate in, and contribute to partnerships between security, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap products and services.
- Define and refine processes such as threat modeling, embedment models, and the prioritization of features, defects, and vulnerabilities.
- Assist the red team with ongoing activities, including bug bounty programs and continuous penetration testing platforms.
- Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns.
- Support the security operations team with the vulnerability management lifecycle for products and services under your purview.
- Select and operate product and application security solutions, from DAST/SAST, SCA, Threat Modeling, etc.
Required Skills, Knowledge and Abilities
- Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences.
- Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization.
- Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments.
- Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus).
- Proven ability to establish credibility and build trust with engineers and operational staff; confident yet humble.
- Hands-on experience with microservices and associated orchestration tools, such as ECS, EKS, Nomad, and Istio, with an understanding of the operational and security implications of these technologies.
- Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases.
- Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault.
- Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed.
- Prior experience developing security services for products or enterprise platforms, ideally using Python, Node.js, TypeScript, or .NET.
- Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments.
- Strong understanding of cryptography and key management use cases.
- Experience overseeing vulnerability and threat management at the platform and application levels.
- Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement.
- Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution.
Other Jobs from GoodLeap
Staff Software Engineer, Funding
Senior Software Engineer, Funding
Senior Quality Engineer
Senior Data Scientist
Senior Software Engineer
Staff Software Engineer
Similar Jobs
Lead Software Engineer - Java
Développeur Java/Angular H/F
Développeur Java H/F
There are more than 50,000 engineering jobs:
Subscribe to membership and unlock all jobs
Engineering Jobs
60,000+ jobs from 4,500+ well-funded companies
Updated Daily
New jobs are added every day as companies post them
Refined Search
Use filters like skill, location, etc to narrow results
Become a member
🥳🥳🥳 401 happy customers and counting...
Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.
To try it out
For active job seekers
For those who are passive looking
Cancel anytime
Frequently Asked Questions
- We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
- We've got about 70,000 jobs from 5,000 vetted companies. No fake or sleazy jobs here!
- We aggregate jobs from 5,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
- We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
- Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
- Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
- Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅
What Fellow Engineers Say