Job title: Cloud Security Engineer
Job type: Permanent
Emp type: Full-time
Industry: Finance/Fintech
Functional Expertise: Application Security Engineer
Salary type: Annual
Salary: USD $230,000.00
Location: United States (Remote)
Job published: 2024-09-18
Job ID: 32270
Contact name: Ross Gisondi
Phone number: +19293951228
Contact email: ross.gisondi@hamptonnorth.com

Job Description

We are seeking a Cloud Security Engineer who will take the lead in incorporating security best practices throughout the software development lifecycle, from design to deployment, ensuring the security and integrity of our applications. This role demands expertise in application security, secure coding practices, and process enhancement. It offers a dynamic opportunity for the ideal candidate to effect substantial positive change by establishing streamlined development standards and processes across a diverse group of highly successful development teams in profitable businesses.

 

Compensation: $220-250k base + 10-20% bonus

Logistics: This position is fully remote in the United States.

 

Here’s what you’ll be doing:

  • Partner with development teams to create and enforce secure coding standards and practices.
  • Perform security assessments and offer advice on architectural solutions to meet security needs.
  • Design and implement strategies for integrating security testing tools and methodologies into CI/CD pipelines.
  • Spearhead initiatives to automate security testing and vulnerability assessments within the development process.
  • Monitor and evaluate application security metrics to pinpoint trends and potential improvements.
  • Keep abreast of the latest threats and continuously update knowledge of best practices in application security.

And what you need to have:

  • At least 7 years of experience in application security, software development, or related areas.
  • In-depth knowledge of secure coding practices and awareness of common vulnerabilities (e.g., OWASP Top 10).
  • Proficiency in using security testing tools and technologies (e.g., SAST, DAST, dependency scanning).
  • Skilled in scripting and automating security processes (e.g., Python, PowerShell).
  • Strong knowledge of DevSecOps principles and securing pipeline deployments.
  • Strong communication and interpersonal abilities, capable of effectively collaborating with multidisciplinary teams.
  • Certifications such as CSSLP (Certified Secure Software Lifecycle Professional) are a plus.