Security Engineer

RSI is looking for a Security Engineer to join their Product Development organization. The role involves applying security principles and methods to evaluate security requirements, recommend actions, and mitigate risks while partnering with various teams to embed security into the software development lifecycle.

Responsibilities:

• Conducting security requirements gathering and analysis across application, infrastructure, and cloud components to identify threats, vulnerabilities, and control gaps aligned to NIST 800-53 and IRS Pub 1075
• Performing vulnerability scanning and triage using tools such as Tenable/Nessus, Veracode, and Microsoft Defender, validating findings, prioritizing remediation, and tracking issues through closure
• Partnering with product, engineering, and operations teams to embed security into the SDLC, evaluate emerging threats, and provide risk-based feedback that informs design and release decisions

Requirements:

• 3-5 years relevant software development/security experience & 2 years working experience with security vulnerability scanning tools
• Excellent communications skills
• Knowledge of cloud concepts
• Familiarity with one or more programming languages
• Strong understanding of software weaknesses (OWASP) and other frameworks
• Strong analytical problem-solving skills
• Experience in scanning .NET CORE applications
• Knowledge of Microsoft Azure
• Knowledge of Microsoft Defender and alert triage
• Understanding of risk concepts
• Security+ or greater certification
• 2+ years team-oriented security experience
• Familiarity with security vulnerability scanning tools
• Experience in Veracode or similar tool
• Experience in Tenable/Nessus or similar tool
• Proven ability to design and recommend mitigations to resolve security weaknesses and vulnerabilities
• Experience triaging customer provided application security scans or audit reports