Senior Cybersecurity Engineer

Spreedly

πŸ“Remote - United States

Summary

Join Spreedly's Information Security Team as a Senior Cybersecurity Engineer and play a crucial role in fortifying our systems against evolving cyber threats. Reporting to the Chief Information Security Officer, you will leverage your expertise in security operations to ensure the confidentiality, integrity, and availability of Spreedly's data. This senior position offers a unique opportunity to contribute to a dynamic, high-growth organization focused on application, CDN security, and vulnerability management. You will collaborate with various teams, implement security tools, and mentor team members. The role requires extensive experience in cybersecurity, application security, and vulnerability management, along with proficiency in programming and scripting languages. Spreedly offers competitive compensation and benefits, including comprehensive health insurance, paid time off, and professional development opportunities.

Requirements

  • 5+ years of experience in cybersecurity, with a focus on application security, CDN security, and vulnerability management
  • Proficient in programming and scripting languages such as Python, Ruby, JavaScript, or similar
  • Experienced in managing Linux systems (e.g., AmazonLinux, Ubuntu, RHEL) and in configuring and managing cloud environments (e.g., AWS, Azure, Google Cloud)
  • Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, GitHub Advanced Security) and CDN platforms (e.g., Fastly, Akamai, AWS CloudFront)
  • In-depth knowledge of secure coding practices, OWASP Top 10, and common attack vectors
  • Strong understanding of vulnerability management frameworks and tools (e.g., Crowdstrike, Qualys, Rapid7)
  • Ability to convey complex security concepts to technical and non-technical audiences

Responsibilities

  • Perform comprehensive security assessments of applications, including static and dynamic code analysis, threat modeling, and penetration testing
  • Coordinate Spreedly’s penetration testing program, working with internal and external stakeholders
  • Collaborate with development teams to integrate security into the software development lifecycle (SDLC) and advocate for secure coding practices
  • Implement and manage application security tools, such as WAF, SAST, DAST, and RASP solutions
  • Develop and maintain secure design and coding standards
  • Design and implement security measures for CDNs to protect against DDoS attacks, data breaches, and other threats
  • Monitor CDN configurations to ensure optimal performance and robust security
  • Work closely with infrastructure, IT Security, and DevOps teams to monitor and respond to security incidents
  • Manage vulnerability scans and the remediation lifecycle, prioritizing vulnerabilities based on risk
  • Work across multiple teams to ensure timely patching and mitigation of security gaps
  • Develop and maintain metrics and reporting to track the effectiveness of vulnerability management programs
  • Conduct security monitoring activities, learning to evaluate system and network behaviors to detect and respond to potential security threats
  • Act as the subject matter expert for incident response efforts for application and CDN-related security incidents, including root cause analysis and remediation
  • Mentor team members and provide expertise to other teams within the organization
  • Collaborate with compliance teams to ensure adherence to regulatory and industry standards such as PCI-DSS, SOC 2, ISO 27001, and others
  • Stay updated on the latest security trends, threat intelligence, vulnerabilities, and attack vectors relevant to the organization’s technology

Preferred Qualifications

  • Prior experience at a SaaS-based company or startup
  • Relevant certifications such as CISSP, OSCP, CEH, or GIAC

Benefits

  • Competitive salary + Equity
  • Outstanding Medical and Dental benefits, including 100% employer-paid options
  • Company-paid Life and Disability insurance
  • Optional vision and supplemental insurance options, and various Flexible Spending Accounts (FSA)
  • Open Paid Time Off policy + 12 weeks of paid leave for new parents
  • Matching 401(k) plan (5% up to $5,000 yearly)
  • Monthly home working/digital lifestyle stipend, new MacBook, and one-time accessory reimbursement
  • Access to company-paid professional coaching service
  • Visits to HQ in Durham, North Carolina for remote employees

This job is filled or no longer available.