Karbon is the global leader in AI-powered practice management software for accounting firms. They are seeking a development and cloud-focused Senior Security Engineer to join their expanding security team, responsible for embedding security practices within development processes and collaborating across various teams to enhance security posture.
Responsibilities:
- Partner with different areas within Karbon - You will make sure security is embedded from the start, from feature design and development through to design reviews and threat modelling
- Balance Security and Delivery - You know how to balance delivery needs with security and can communicate security risks and issues to non-technical stakeholders. You understand when it's important to push back, when to compromise, and how to work with delivery teams to reach a great outcome
- You keep up to date on the latest technologies and approaches - You are excited by what new developments such as AI bring to security, but also understand the importance of foundational security practices such as good account hygiene, least privilege, attack surface reduction and MFA
- Identify and assess security risks introduced by AI tools - You'll assist with reviewing the risks of AI tooling usage and integration, and of AI-generated code
- Apply AI-assisted tooling to accelerate security work - You understand the impact AI can have and utilize it across many areas including triage, threat detection, code review and documentation
- Flexibility and confidence to work across multiple security domains - We're a small team responsible for security at a fast-moving company and you'll get exposure to many different security domains; you could be refining and investigating corporate IT security processes in the morning, reviewing a cloud-hosted system after lunch and then tweaking detection rules!
- Work effectively as part of a team - Security is a team sport and you understand the need to build relationships and trust across the organization to enhance Karbon's security posture. You are happy to answer questions and offer advice to teams that reach out for your assistance
- Own your work - You take pride in your work, feeling a deep sense of responsibility for the products we develop and ensuring we keep our customers' valuable data secure. This sense of ownership is paramount, and you share this commitment
- Bring your passion and personality - Your creativity, curiosity, and authentic self make the team stronger. If you've worked in highly political environments, you'll find our culture, free from office politics and valuing openness and authenticity, a refreshing change
- Help us measure improvement and steer our roadmap - Contribute to security metrics so we can track progress and feed back into our roadmap
Requirements:
- 4+ years' experience in a security or development role covering most of the following:
  - Collaborating with teams to review designs and implementations for security issues and embedding good security practices across software development
  - Triaging issues and reports, assisting teams to remedy items and testing fixes
  - Working with external penetration test companies to validate and prioritize findings
  - Conducting risk and vulnerability assessments of web applications, APIs, third-party suppliers and integrations
  - Configuring and tuning SAST, SCA and DAST tooling
  - Working with build/deployment pipelines to incorporate security tooling (GitHub Actions or Azure DevOps YAML-based pipelines)
  - Assisting with implementing security-focused alerting, detections and automations
  - Conducting and facilitating organizational and developer-focused security training
  - Assisting with operational security items such as EDR alerts and MDM
  - Contributing to our security roadmap
- Strong communication skills (spoken and written)
- Some of the following languages/frameworks: Microsoft .NET/C#, JavaScript (we use the React and EmberJS frameworks) and Python
- At least one cloud platform: Azure, AWS or GCP (we use Azure predominantly)
- Working knowledge of PowerShell or Bash and Python
- Working knowledge of at least one AI development tool, e.g. Claude Code, GitHub Copilot, etc.
- PortSwigger Burp or similar
- Certifications such as OffSec OSCP and AWAE, GIAC, Burp Suite Certified Practitioner, PJPT, and Microsoft/AWS development and cloud-related certifications are nice to have
- Experience with securing AI applications, systems and AI tooling would be highly regarded