Security Software Engineer
San Mateo, CA, USA
We are seeking a security-focused software engineer to join Evisort’s new security team and help drive securing our code base, infrastructure, and networks from a clean slate as the company (and security org) scales. This role will touch all areas of security at Evisort, with plenty of opportunities to learn new aspects of security and to lead areas where you have experience or interest.
What You'll Do:
- Find, manage, and fix vulnerabilities in the product, coordinating with development teams on their remediation, and building tooling to prevent them from reappearing or being created in the first place
- Design and build frameworks and services to improve the security of stack
- Roll out and manage cloud infrastructure security initiatives
- Improve stack logging, alerting, and detection automation, and respond to potential incidents
- Help manage corporate security initiatives in collaboration with other teams, including SSO, MDM, and network security.
- Drive compliance initiatives that add actual security value
- Collaborate with other teams and stakeholders on security design, implementation, and process building
- Experience with finding, triaging, and fixing web application vulnerabilities, at least covering the OWASP Top 10, is required
- Ability to quickly pick up new technologies and finding problems in unfamiliar systems or code bases
- Ability to communicate security concerns effectively to technical and non technical stakeholders
- A passion for security
- Experience with securing microservice architectures based around Docker and Kubernetes is a plus
- Familiarity with public clouds (AWS, Azure, GCP) preferred. Knowledge of cloud security best practices is a plus. Experience with multi-cloud architectures is a plus
- Experience building out a Secure Software Development Life Cycle (SSDLC), including integrating automated security testing, SAST, DAST, SCA, fuzzing, and variant analysis within a CI/CD pipeline is a plus
- Experience with SEIM tooling (Splunk, Elasticsearch) preferred. Experience with log management and alert automation a plus
- Experience with corporate security tools, including SSO, MDM, EDR, and corporate network security a plus
Your application has been successfully submitted.