About this role
Role Overview
Harden the security posture of our AWS environment, our public-facing perimeter, and our software development pipeline.
Partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, CI/CD, and applications.
Configure tooling, write and tune detection and blocking rules, review architecture, harden pipelines, and support application security work where your range is needed.
Operate and tune our WAF, including managed and custom rule sets, rate limiting, and bot mitigation.
Own cloud security posture across our AWS environment using a CSPM or CNAPP platform alongside AWS-native security services.
Reduce risk across IAM, network segmentation, ECS and container security, secrets management, and data exposure.
Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
Harden CI/CD pipelines and the secrets that flow through them in partnership with DevOps.
Build controls the SOC can monitor and respond to, and document the runbooks for the systems you own.
Operate and tune SAST, SCA, and Secret Scanning tooling integrated with our source control.
Partner with our Application Security Engineer on code reviews and threat modeling across our Ruby on Rails, React Native, Python, and Go codebases.
Run our vulnerability management program across cloud and application findings: intake, prioritization, SLA tracking, and reporting.
Partner with engineering teams to drive remediation, advising on fixes and unblocking the work where you can.
Build automation that scales the program — pipelines for ingestion, deduplication, prioritization logic, and developer-facing workflows.
Contribute to our growing AI security program, including controls for AI-assisted development tooling, secure use of AI in our products, and emerging risks like prompt injection.
Requirements
5+ years of hands-on security engineering experience across cloud security and/or application security, with demonstrated depth in at least one.
Strong AWS security background, including IAM, networking, container orchestration (ECS, EKS, or Kubernetes), and logging and audit. Hands-on experience with a CSPM or CNAPP platform.
Hands-on experience operating a WAF in production, including writing and tuning rules, managing false positives, and responding when something gets through.
Experience securing CI/CD pipelines and Infrastructure as Code, with Terraform required.
Working knowledge of OWASP Top 10, secure code review, SAST/DAST/SCA tooling, and threat modeling.
Experience running or substantially contributing to a vulnerability management program.
Proficiency in at least one programming language used in modern application stacks, such as Python, Go, or Ruby.
Operates independently and drives projects without day-to-day oversight.
Tech Stack
AWS
Cloud
Kubernetes
Python
React
React Native
Ruby
Ruby on Rails
Terraform
Go
Benefits
Considerable employer contributions for health, dental, and vision programs
Generous PTO, paid holidays, and paid parental leave