AutoFi

AutoFi is the leading commerce platform for digital automotive sales and financing, empowering dealers to sell smarter and more efficiently.

Automotive
51-250
Founded 2015
$114M raised

Description

  • Define, implement, and maintain security practices, standards, and controls across products, services, cloud environments, and internal systems.
  • Partner with engineering and product teams to conduct security design reviews for new features, architecture changes, sensitive workflows, and production deployments.
  • Design and implement secure development practices and security standards across engineering teams.
  • Support secure software development lifecycle activities, including secure design, threat modeling, secure coding, security testing, and risk-based remediation.
  • Implement, operate, and improve DevSecOps tooling and processes such as SAST, DAST, SCA, secret scanning, and dependency analysis.
  • Assess infrastructure, web applications, and cloud environments to identify, prioritize, and help remediate security risks.
  • Triage vulnerability findings from security tools, penetration tests, vendor assessments, external reports, and internal reviews.
  • Conduct proactive threat hunting using telemetry from cloud, application, identity, endpoint, and security systems.
  • Improve security operations processes through alert tuning, detection logic, workflow automation, and post-incident lessons learned.
  • Define, implement, and maintain third-party risk management policies, procedures, standards, and assessment workflows.
  • Conduct and support vendor security assessments and help reduce risks related to third-party vendors, SaaS platforms, integrations, service providers, and business partners.

Requirements

  • 6+ years of experience in security engineering, application security, cloud security, security operations, or a related security function.
  • Experience designing and implementing security controls for modern SaaS, cloud, web application, and API environments.
  • Hands-on experience with secure design reviews, threat modeling, secure code review, vulnerability assessment, and OWASP-based testing methodologies.
  • Strong understanding of SAST, DAST, IAST, and SCA tooling.
  • Experience with web and cloud security controls and frameworks.
  • Familiarity with network and web application protocols including HTTP/S, SAML 2.0, OAuth, and REST APIs.
  • Experience with SIEM platforms, alert triage, security investigations, detection workflows, and incident response procedures.
  • Familiarity with indicators of compromise, indicators of attack, threat hunting techniques, and incident escalation processes.
  • Industry experience building data-driven applications with JavaScript, Node.js, and NoSQL.
  • Minimum BS/BA in Cybersecurity, Information Security, Computer Science, or a relevant degree, with the ability to demonstrate strong logical thought processes.
  • Ability to communicate security risks clearly to engineering, product, compliance, business, and executive stakeholders.
  • Comfort operating in a fast-paced environment with evolving priorities and shared ownership across multiple security domains.
  • Experience with common threat modeling frameworks such as STRIDE or DREAD is preferred.
  • Experience with cloud-based WAF solutions and web application protection strategies is preferred.
  • Familiarity with CNAPP, CSPM, CWPP, container security, runtime security, or cloud workload protection platforms is preferred.
  • Experience with source code security platforms such as GitHub Advanced Security or similar tools is preferred.
  • Experience conducting proactive threat hunting across cloud, identity, endpoint, network, SaaS, and application telemetry is preferred.
  • Familiarity with ethical hacking and penetration testing tools and methodologies is preferred.
  • Experience with AWS security best practices and native controls and services is preferred.
  • Prior automotive or FinTech experience is preferred.

Benefits

  • $175,000 - $185,000 annual salary range.
  • Medical, dental, and vision coverage.
  • 100% premium coverage for employees and 50%+ coverage for dependents.
  • Flexible work hours.
  • Remote work environment.
  • Up to $1,000 per year for employee professional development.
  • Stock options.
  • Competitive total rewards package with potential bonus, company equity, and health benefits.
