Security Engineer

Job Title: Security Engineer

Job Description

• Act as a key bridge between Security, DevOps, and Development teams to embed security across the SDLC
• Support and enhance DevSecOps practices with a focus on automation in CI/CD pipelines
• Drive application security automation, including:
• API security testing (auth, data exposure, access control)
• External exposure/attack surface management
• Ensure adoption of secure coding practices through developer collaboration and training
• Integrate and maintain security tools (SAST, DAST, SCA) within development workflows
• Track, prioritize, and support vulnerability remediation within defined timelines
• Monitor and manage risks related to internet-facing applications and exposure
• Collaborate on root cause analysis and continuous security improvements
• Maintain documentation and reporting of security findings and remediation progress
• Ensure alignment with security standards (OWASP, NIST) and organizational policiesJob Description:

This role will act as the primary bridge between the Security team, DevOps, and Development teams, ensuring that security is embedded across every phase of the software development lifecycle. The role will support the implementation and continuous improvement of DevSecOps practices, drive automation in application security assessments (including API security and external exposure management), assist in vulnerability remediation, and collaborate closely with development teams to enforce secure coding standards. Responsibilities: Work closely with application developers to ensure secure coding practices are followed, proactively identifying security gaps and recommending effective remediation solutions. Provide training and guidance to developers on secure coding standards, application security risks, and the effective use of security tools integrated into CI/CD pipelines. Collaborate with DevOps and Security teams to implement and enhance DevSecOps practices, focusing on automation of security testing (SAST, SCA, DAST) within CI/CD pipelines. Drive automation initiatives for application security assessments, including: API security testing (authentication, authorization, rate limiting, sensitive data exposure) External exposure management (internet-facing asset discovery, attack surface monitoring, vulnerability identification) Integrate and maintain automated security tools for continuous assessment of applications, APIs, and externally exposed assets. Act as a liaison between development and security teams to ensure vulnerabilities identified through scans (SAST, DAST, SCA, API testing, external scanning) are tracked and remediated within defined timelines. Assist in identifying and mitigating application security risks, ensuring alignment with organizational policies and industry standards (OWASP, NIST, etc.). Track and report the status of vulnerability remediation and ensure timely closure of findings. Document security findings, automation improvements, remediation actions, and updates to the DevSecOps pipeline. Collaborate with cross-functional teams to perform root cause analysis, strengthen security controls, and continuously improve the application security posture. Support security assessments for internet-facing applications, ensuring proper validation of MFA, SSO, and exposure risks. Location: COL Work-at-Home Language Requirements: Time Type: Full time