Lead Security Engineer

Reify Health

📍 Remote - United States

Job highlights

Summary

Join OneStudyTeam, a Reify Health company, as a Lead Data Security Engineer and become a leading expert in securing web applications, APIs, and cloud infrastructure. You will collaborate with engineers to assess security, develop solutions, and lead incident response. This role requires 7+ years of experience in technical security, proficiency in Python, and a deep understanding of modern application stacks. You will mentor team members and contribute to improving OneStudyTeam's security program. The position involves integrating with various teams to ensure the security of applications and data flows within the StudyTeam SaaS platform.

Requirements

  • 7 or more years experience in a dedicated technical security role is required
  • Proficiency in Python for programmatic data analysis and automation is required
  • Deep understanding of modern application stacks including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or GCP is required
  • Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives is required
  • Understanding of modern source control systems (e.g., Git, GitHub) is required
  • Desire to mentor other security team members while concurrently collaborating with senior engineers is required

Responsibilities

  • Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools
  • Develop solutions to enable and enhance security of StudyTeam SaaS applications, associated data transfers, and infrastructure (AWS)
  • Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through 3rd party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g., DevOps/SRE, Software Engineering)
  • Play a key role in the selection, design, configuration and use of additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP)
  • Serve as a technical leader on incident response for web applications and infrastructure
  • Recommend, drive, and implement improvements to OneStudyTeam's Security Program, including how the program is integrated within the SDLC
  • Author, and when appropriate delegate to team members, formal technical risk assessments documenting security findings and outlining required mitigating controls
  • Participate in the selection and implementation of a re-imagined SIEM solution

Preferred Qualifications

  • Prior experience collaborating with Data, Engineering, DevOps/SRE and Product teams to assess technical security risks is a strong plus
  • Experience leading technical incident response for modern web applications and infrastructure is a strong plus
