Senior Security Engineer

By joining our team as a Senior Security Engineer, you will become a leading subject matter expert on the security of modern web applications, APIs, cloud infrastructure, and corporate environment security. In close collaboration with technical advisors and staff engineers, you will assess the security of new applications, features, partner integrations, data flows, and internal configuration/administration tools. You will also be a technical leader in incident response and vulnerability management.

What You’ll Be Working On

• Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools.   
• Develop solutions to enable and enhance the security of our services and infrastructure on Azure and AWS, such as mechanisms to identify and prevent security incidents and accelerate the team’s response to security issues.   
• Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through third-party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g., DevOps/SRE, Software Engineering).
• Play a key role in selecting, designing, configuring, and using additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP).
• Serve as a technical leader on incident response for web applications and infrastructure.
• Recommend, drive, and implement improvements to our Security Program, including how the program is integrated within the SDLC.
• Will author and, when appropriate, delegate formal technical risk assessments to team members, documenting security findings and outlining required mitigating controls.

What You’ll Bring to OneStudyTeam

• Seven or more years of experience in a dedicated technical security role is required.
• Two or more years of experience with Azure is required.
• Five or more years with Azure and AWS preferred.
• Experience with Microsoft Sentinel or Exabeam SIEM preferred.
• Experience with Crowdstrike preferred.
• Proficiency in Python for programmatic data analysis and automation is required.
• A deep understanding of modern application stacks is required, including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or Azure.
• Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives.
• Understanding modern source control systems (e.g., Git, Gihub) is required.
• Desire to mentor other security team members while collaborating with senior engineers is required. 
• Prior experience collaborating with Data, Engineering, DevOps/SRE, and Product teams to assess technical security risks is preferred.  
• Experience leading technical incident response or vulnerability management for modern web applications and infrastructure is a strong plus.