Remote Senior Security Engineer

Summary

Join Oyster's global employment platform as a Senior Security Engineer, working remotely with a fully-distributed team. Embed security in the Software Development Lifecycle (SDLC), conduct security assessments, and collaborate with cross-functional teams to enhance security posture.

Requirements

• 5+ years of experience in application security, with a strong focus on SaaS environments
• Strong knowledge of security assessments, audits, and best practices for SaaS applications
• Experience in configuring and managing security controls and access management within a SaaS-centric environment
• Proficiency in using security testing tools such as SAST, DAST, and SCA
• Experience integrating security tools into CI/CD pipelines and automating security processes
• Familiarity with data protection regulations (e.g., GDPR, CCPA) and their implications for application security
• Understanding of identity and access management
• Strong problem-solving skills and the ability to communicate complex security concepts to technical and non-technical audiences

Responsibilities

• Embed Security in SDLC: Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC)
• Conduct security assessments, code reviews, and threat modeling exercises to identify and mitigate security risks
• Provide guidance on secure coding practices and remediation strategies
• SaaS Application Security: Conduct security assessments and audits of both in-house and third-party SaaS applications
• Ensure proper security controls and access management are implemented for SaaS tools
• Stay updated on emerging threats and vulnerabilities specific to SaaS environments and address potential risks proactively
• Security Tools and Automation: Implement and manage security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA)
• Integrate security tools into CI/CD pipelines for continuous security testing
• Monitor and analyze security tools' outputs to identify and address potential security risks
• Collaboration and Compliance: Work with the Data Protection/Privacy Team to ensure applications comply with relevant data protection regulations (e.g., GDPR, CCPA)
• Collaborate with the IT Team to ensure secure infrastructure configurations for hosting and deploying applications
• Partner with the Product Team to incorporate security requirements into product features from the design phase
• Training and Awareness: Develop and deliver security training and awareness programs for developers and relevant stakeholders
• Promote a culture of security awareness and best practices throughout the organization

Benefits

• Paid time off: 40 days off each year, including public/bank holidays and vacation/holiday leave (unless your country mandates more)
• Mental health support: Access to Plumm, a mental well-being service
• Wellbeing allowance: A monthly stipend for wellbeing expenses, topped up by Oyster in your ThanksBen wallet
• Flexible parental leave: A minimum of three months of paid parental leave and job protection for 12 months (or longer if required by local jurisdiction)
• WFH stipend: A stipend to spend on your laptop and any other equipment you need for your home office