Security Engineer

Summary

Join SingleStore, a cutting-edge database company, as a Security Engineer in our Managed Services team. You will drive secure software development lifecycle activities, stay updated on emerging security threats, and research evolving software security standards. Collaborate with engineering, product management, sales, and marketing teams to ensure secure product development and messaging. This role requires experience in software development and security, a strong understanding of security best practices, and familiarity with cloud-native technologies. SingleStore offers a flexible work environment and various benefits.

Requirements

• 2+ years experience in software development
• 2+ years experience in software security
• Strong understanding of security requirements, guidelines and best practices for building highly resilient hardened software systems (e.g. such as those from NIST, CIS, OWASP)
• Understanding of cloud-native and container technologies, as well as the security risks and countermeasures to secure them
• Comfortable with programming and/or scripting languages (preferred: Golang, C/C++, Python, shell/bash)
• Well-versed in supporting the design and implementation of secure software services and secure APIs, with a clear understanding of what a Secure Software Development LifeCycle (SSDLC) entails
• Understanding of encryption and key management systems
• Comprehensive knowledge in assessing vulnerabilities identified by security scanning tools and third party penetration testing engagements

Responsibilities

• Drive and support secure software development lifecycle activities and practices across SingleStore (e.g., Security Architecture, Threat Modeling, Secure Coding, Ethical Hacking, Incident Response)
• Stay abreast of emerging security threats and vulnerabilities to ensure the appropriate security controls and mitigations are built into SingleStore products and services
• Research and evaluate evolving software security standards, best-practices and guidelines to ensure alignment and coverage within upcoming product releases
• Provide re-usable solutions to identified software vulnerabilities from internal and external penetration tests
• Collaborate with the larger engineering division by providing role based training and guidance for software security
• Understand customer and partner software security requirements and interpret them to both technical and management audiences
• Work closely with Product Management to develop security requirements and acceptance criteria that clearly describe customer requested security features, capabilities and opportunities for growth initiatives
• Support the sales and marketing organization to ensure consistent and clear external messaging is presented describing the security posture of SingleStore products and services
• Help present software security initiatives to customers, partners and external stakeholders
• Assist with and support internal and external software security reviews and assessments
• Collaborate with the Information Security team on enterprise security projects and initiatives that require software engineering support

Preferred Qualifications

• Familiar and hands-on experience with security scanning tools (e.g., SAST, DAST, IAST, SCA)
• Experience in managed services security issues and architecture
• Demonstrable testing competency with a focus on penetration testing and ethical hacking
• Certifications in one or more of the following areas: CISSP, CCSP, CSSLP, OSCP, CEH
• Bachelors in Computer Science or Software Engineering
• Experience in working, presenting and communicating effectively with engineering, sales, marketing and product management in all aspects security-related, regardless of whether it’s a technical, management or executive audience
• Familiarity with Kubernetes and understanding of containerized/microservices-oriented architecture
• Experience developing software security features and product capabilities (e.g., SSO, key management, data masking, access control)
• Familiarity with data security frameworks and regulatory standards, including PCI DSS, GDPR and/or CCPA/CPRA, or/and FedRAMP

Benefits

• Technology Stipend for New Employees
• Monthly Cell Phone and Internet Stipend
• Health and Wellness benefit
• Company and team events
• Flexible time off
• Volunteer time off
• Stock Options