Security Engineer II

Summary

The job description is for a Security Engineer/Application Security role at fabric, a next-generation commerce platform based in San Francisco. The successful candidate will have prior experience in application security in the retail/ecommerce industry and be responsible for securing the company's infrastructure and applications.

Requirements

• 5+ years of prior experience in security engineering/applications security
• 2+ years of experience with AWS
• Experience with scripting languages such as Python or JavaScript
• Experience working with OWASP and NIST security standards and frameworks
• Experience within DevSecOps, CI/CD processes, SDLC, and related tools such as Jira, Jenkins, Artifactory, Bitbucket, GitHub, GitLab, etc
• Ability to establish and report metrics and KPIs to the executive leadership team to measure the effectiveness of Security Engineering

Responsibilities

• Ability to work independently and as part of a team
• Experience in threat modeling methodologies (e.g. STRIDE, DREAD) and tools to develop and maintain threat models that reflect the organization's security posture
• Experience working with developers to communicate deficiencies and implement security measures
• Design, deploy, and maintain centralized security tools, technologies, and controls to monitor and protect our infrastructure and applications
• Help build and maintain runbooks and document policies and procedures
• Develop and maintain security metrics to track progress toward security goals
• Maintain essential skills in modern technology. Use automation wherever possible
• Conduct security reviews for new and existing software systems, integrations, and operational processes, which includes security testing and vulnerability scanning
• Review and enhance access controls, authentication mechanisms, and data encryption methods
• Collaborate with IT, development, and operations teams to integrate security best practices into our systems and software development lifecycle
• Build and manage services, tools, and integrations that will automate security controls within CI/CD pipelines
• Assess, identify, and monitor security risks, vulnerabilities, and threats, and develop effective mitigation strategies with engineering stakeholders to ensure timely remediations
• Educate and train employees on security awareness and best practices
• Assist systems integration with fabric customers to ensure security best practices
• Provide guidance and mentorship to junior team members
• Participate in security detection, incident response, and post-response activities
• Stay up-to-date with industry trends, emerging threats, and security standards to adapt and improve our security posture
• Support and drive compliance programs with relevant regulations and industry standards (e.g., PCI DSS, SOC2, NIST)

Preferred Qualifications

Previous experience as a DevOps/DevSecOps Engineer supporting applications and platforms running in private or public cloud (such as Rancher, Anthos, AWS, GCP, VMWare)

Benefits

• Competitive compensation packages
• PTO and Holiday plans
• Benefits packages which include Medical, Dental, Life, and Vision
• Wellness & Technology Programs
• 401k Program
• Fast-paced, fun and collaborative environment
• A team invested in you both personally and professionally