Key skills
Application SecuritySecure Code ReviewSASTDASTDependency ManagementOWASP Top 10Cloud SecurityAWSAzureGCPOCIShared Responsibility ModelIAMNetwork SegmentationCloud-native Security ServicesInfrastructure as CodeTerraformPythonVulnerability ManagementCVE Lifecycle ManagementBug Bounty Program OperationsPenetration TestingAI/LLM SecurityAILLMSDLCCI/CDOWASP
About this role
Hampton North is partnering with a growth-stage technology company to place a Security Engineer who will advance their security program across various domains. The role involves hands-on contributions to integrate security into the software development lifecycle and manage compliance efforts.
Responsibilities:
- You'll be embedded across the engineering org, working directly with development teams to build security into the SDLC from the ground up
- Day-to-day, that means leading threat modeling exercises, conducting secure code reviews, managing vulnerability intake and remediation workflows, and running the company's bug bounty and external pen testing programs
- You'll be responsible for integrating security tooling into CI/CD pipelines and hardening cloud environments across AWS, Azure, GCP, and OCI
- You'll also contribute to the development of AI/LLM security policies as the company continues to scale its use of emerging technologies, and support incident response efforts when needed
Requirements:
- Hands-on AppSec experience: secure code review, SAST/DAST tooling, dependency management, and working knowledge of OWASP Top 10
- Cloud security depth across at least two of: AWS, Azure, GCP, OCI—with an understanding of shared responsibility models, IAM, network segmentation, and cloud-native security services
- Infrastructure as Code fluency—Terraform or equivalent—with the ability to build and review security controls as part of automated pipelines
- Scripting and automation in Python for security tooling, triage workflows, or custom integrations
- Experience managing CVE lifecycle and vulnerability management programs end-to-end, from identification through validated remediation
- Familiarity with bug bounty program operations and coordinating external pen tests—scoping, triaging findings, and tracking remediation
- BS in Computer Science, Cybersecurity, Electrical Engineering, or equivalent experience
- Working knowledge of AI/LLM security considerations and emerging best practices in that space is a meaningful plus