Security Engineer II

fabric

$120k-$160k
Remote - United States

Summary

Join a brilliant team making history to evolve the commerce industry at fabric, a next-generation commerce platform that provides services for customers to build world-class experiences. We're looking for a security engineer with experience in application security and threat modeling methodologies to drive secure code design and integration of our software stack.

Requirements

  • 5+ years of prior experience in security engineering/application security
  • 2+ years of experience with AWS
  • Experience with scripting languages such as Python or JavaScript
  • Experience working with OWASP and NIST security standards and frameworks
  • Experience within DevSecOps, CI/CD processes, SDLC, and related tools such as Jira, Jenkins, Artifactory, Bitbucket, GitHub, GitLab, etc.
  • Ability to establish and report metrics and KPIs to the executive leadership team to measure the effectiveness of Security Engineering

Responsibilities

  • Ability to work independently and as part of a team
  • Experience in threat modeling methodologies (e.g. STRIDE, DREAD) and tools to develop and maintain threat models that reflect the organization's security posture
  • Experience working with developers to communicate deficiencies and implement security measures
  • Design, deploy, and maintain centralized security tools, technologies, and controls to monitor and protect our infrastructure and applications
  • Help build and maintain runbooks and document policies and procedures
  • Develop and maintain security metrics to track progress toward security goals
  • Maintain essential skills in modern technology. Use automation wherever possible
  • Conduct security reviews for new and existing software systems, integrations, and operational processes, which includes security testing and vulnerability scanning
  • Review and enhance access controls, authentication mechanisms, and data encryption methods
  • Collaborate with IT, development, and operations teams to integrate security best practices into our systems and software development lifecycle
  • Build and manage services, tools, and integrations that will automate security controls within CI/CD pipelines
  • Assess, identify, and monitor security risks, vulnerabilities, and threats, and develop effective mitigation strategies with engineering stakeholders to ensure timely remediations
  • Educate and train employees on security awareness and best practices
  • Assist with systems integration with fabric customers to ensure security best practices
  • Provide guidance and mentorship to junior team members
  • Participate in security detection, incident response, and post-response activities
  • Stay up-to-date with industry trends, emerging threats, and security standards to adapt and improve our security posture
  • Support and drive compliance programs with relevant regulations and industry standards (e.g., PCI DSS, SOC 2, NIST)

Preferred Qualifications

  • Previous experience as a DevOps/DevSecOps Engineer supporting applications and platforms running in private or public cloud (such as Rancher, Anthos, AWS, GCP, VMware)
  • Experience with SIEM tools, preferably tools such as Splunk or Datadog
  • Proven experience in information security, with a focus on ecommerce or web applications
  • Strong knowledge of security architectures, cloud deployment paradigms, and common security principles
  • Excellent written and verbal communication skills
  • Hands-on knowledge of AWS security tools, e.g., AWS WAF, AWS CloudTrail, AWS GuardDuty, AWS Security Hub. AWS Security Specialty certification preferred
  • Experience securing the software supply chain including implementing appropriate controls across the SDLC and managing change along the way
  • Experience with code review, SAST, DAST, SCA, container security, IaC scanning
  • Experience with containers, enterprise container orchestration, and related tools such as Docker, Rancher, Kubernetes, and public cloud container services
  • Experience working across teams to drive the adoption of security best practices
  • Understanding of security automation within DevOps and CI/CD processes including vulnerability identification and management
  • Experience integrating security solutions into CI/CD workflows and toolsets

Benefits

  • Competitive compensation packages
  • PTO and Holiday plans
  • Benefits packages which include Medical, Dental, Life, and Vision
  • Wellness & Technology Programs
  • 401k Program

This job is filled or no longer available.