Remote Senior Security Engineer

Summary

Join us in our mission to advance clinical research and improve patient care as a Senior Security Engineer, where you will become a leading subject matter expert on the security of modern web applications, APIs, cloud infrastructure, and corporate environment security.

Requirements

• Seven or more years of experience in a dedicated technical security role is required
• Two or more years of experience with Azure is required
• Proficiency in Python for programmatic data analysis and automation is required
• A deep understanding of modern application stacks is required, including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or Azure
• Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives is required
• Understanding modern source control systems (e.g., Git, Gihub) is required
• Desire to mentor other security team members while collaborating with senior engineers is required

Responsibilities

• Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools
• Develop solutions to enable and enhance the security of our services and infrastructure on Azure and AWS
• Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through third-party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g., DevOps/SRE, Software Engineering)
• Play a key role in selecting, designing, configuring, and using additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP)
• Serve as a technical leader on incident response for web applications and infrastructure
• Recommend, drive, and implement improvements to our Security Program, including how the program is integrated within the SDLC
• Will author and, when appropriate, delegate formal technical risk assessments to team members, documenting security findings and outlining required mitigating controls