Signifyd
Security Engineer
Signifyd, San Jose, California, United States, 95199
The Security Engineer at Signifyd assists cybersecurity operations and vulnerability management across the organization. This role works with other security engineers and analysts on the team by contributing integrations, implementations and reviews with our security systems. They setup, configure, and use these solutions to identify threats and vulnerabilities within our networks and applications then cross coordinate with other departments to ensure timely remediation. The Security Engineer reports to the Director, Head of Information Security and Compliance while supporting the Security Risk Manager with auditable evidence of control effectiveness.
Responsibilities
You will perform the following responsibilities alongside other members of the information security team:
Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);
Triage security operations center (SOC) alerts as the Level II/III escalation support;
Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;
Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;
Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;
Perform internal security testing, assessments, and triaging of alerts from security tooling;
Conduct secure code reviews, secure design reviews, and threat modeling activities;
Support GRC activities through control evidence collection;
Contribute to operational support activities for all security capabilities. This includes preparing self-service operational support documentation for developers and project teams, responding to internal support chat groups;
Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;
Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.
Requirements
Ability to automate or develop basic tasks in at least one programming language such as: Java, JavaScript, Python;
Professional certifications such as WAPT, PPT, OSCP, etc and/or computer science degree;
1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;
Experience working with cloud technologies such as: AWS, GCP, Azure, Docker/Kubernetes.
#J-18808-Ljbffr
Responsibilities
You will perform the following responsibilities alongside other members of the information security team:
Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);
Triage security operations center (SOC) alerts as the Level II/III escalation support;
Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;
Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;
Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;
Perform internal security testing, assessments, and triaging of alerts from security tooling;
Conduct secure code reviews, secure design reviews, and threat modeling activities;
Support GRC activities through control evidence collection;
Contribute to operational support activities for all security capabilities. This includes preparing self-service operational support documentation for developers and project teams, responding to internal support chat groups;
Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;
Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.
Requirements
Ability to automate or develop basic tasks in at least one programming language such as: Java, JavaScript, Python;
Professional certifications such as WAPT, PPT, OSCP, etc and/or computer science degree;
1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;
Experience working with cloud technologies such as: AWS, GCP, Azure, Docker/Kubernetes.
#J-18808-Ljbffr