Wrapbook is a smart, intuitive platform that simplifies production payroll and accounting. The Senior Security Engineer II will lead security initiatives, ensuring the protection of applications and infrastructure while collaborating with engineering and product teams throughout the software development lifecycle.
Responsibilities:
- Own and lead the delivery of large, multi-quarter Application Security and Engineering initiatives, breaking them into smaller, shippable iterations
- Dive into framework internals and improve existing complex application security architectures (e.g., microservices, authentication systems, and API security)
- Balance tradeoffs and select appropriate security technologies and tooling (SAST, DAST, SCA) through researching, prototyping, and validation
- Provide guidance and incorporate guardrails for securing AI-based workflows
- Drive toward simplicity and easy-to-understand application security solutions
- Collaborate deeply with Product Engineering and DevOps teams to ensure secure technical implementations for highly complex, cross-group projects and features
- Proactively identify emerging industry threats, particularly in the application and cloud space, assess potential risk to the business, and recommend mitigative actions and controls
- Act as a trusted advisor to engineering and leadership on a broad range of application security and risk-based topics
- Operate as Incident Commander for large-scale, highly complex security incidents, focusing on application and data breach response, actively pursuing cross-functional resources as appropriate
- Partner cross-functionally on security process best practices and continuous improvement, embedding a culture of security into the SDLC
- Focus on fostering an environment of inclusion, allowing voices to be heard and valued at all levels
Requirements:
- 5+ years of dedicated experience in an Application Security, Product Security, or Security Engineering role
- Expert-level knowledge of the Software Development Life Cycle (SDLC) and experience implementing security gates (SAST/DAST/SCA) within CI/CD pipelines
- Deep technical understanding of common web application security vulnerabilities (OWASP Top 10) and mitigation strategies
- Familiarity with Cloud Security (AWS, GCP, or Azure) and container security concepts
- Strong working knowledge of identity and access management (IAM), authentication protocols (OAuth, SAML), and API security best practices
- Demonstrated ability to communicate clearly, build trust, and partner effectively across technical and non-technical departments