Logo
ShiftCode Analytics

Security Engineer

ShiftCode Analytics, San Francisco, California, United States, 94199


Interview : Video

Visa : All apart from H1b and CPT

This is hybrid from day-1. Candidate must be local.

Description : Qualifications:

4+ years of security engineering experience OR equivalent experience in a SWE/DevOps role and an interest in working on security engineering initiatives Familiarity with security detection techniques (SAST, DAST, IAST, SCA), threat modeling frameworks (OWASP, MITRE, STRIDE, DREAD), and how they are used together to improve product security through design reviews A solid understanding of modern software development principles and design patterns, including the ability to write clean, efficient, and maintainable code (in Java, Typescript, Python, etc.) Familiarity with Agile, DevOps, CI/CD, and cloud-based infrastructure like AWS Curiosity and a willingness to learn Responsibilities:

As a Security Engineer, you will help identify and drive impactful projects to improve the security of their platform, products, and internal systems You will partner closely with teams across the company and focus on systemic security improvements and risk reduction You will also maximize your security skills to support and participate in operational security responsibilities like security reviews and consulting, threat research/bug-bounty triage, incident response, and risk management Perform technical security assessments, code audits, and design reviews Clearly communicate the risk of security issues to developers, including proof-of-concept code as necessary to demonstrate the potential severity Partner with Engineering to establish comprehensive visibility into potential risk events across a cloud-native environment Create and refine telemetry, detection capabilities, and response playbooks required to detect, prevent, and respond to cyber risk events efficiently Manage risks by implementing robust security capabilities for repeatable predictable outcomes and maturation, and by coordinating incident response workflows Influence Engineering and Product teams to prioritize and implement all stages of the Vulnerability Management life-cycle - detection, analysis, remediation and disclosure Participate in team on-call rotation to support our penetration-testing, bug-bounty, and vulnerability-management programs