Software Engineer, Product Security

Lucidworks
Summary
Join our Engineering team as a Security Engineer and play a key role in building and scaling secure systems across our products and infrastructure. Collaborate with various teams to embed security into all stages of development, from design to operations. Identify and mitigate risks, champion secure practices, and directly impact the safety and resilience of our customer systems. This is a hands-on, fully remote role open to candidates in Latin America, South America, or the Caribbean. You will design and implement security controls, collaborate on risk assessment, conduct security reviews, monitor cloud systems, and lead incident investigations. You will also build automated security tools, improve CI/CD pipelines, and mentor engineers on secure practices.
Requirements
- Bachelorβs degree in Computer Science, Engineering, Cybersecurity, or a related field preferred
- 5+ years of experience in a Security Engineer, DevSecOps, or Software Engineering role with security responsibilities
- Strong understanding of secure software development practices and infrastructure security in cloud-native environments including Kubernetes (e.g., AWS, GCP, or Azure)
- Familiarity with modern web and API security concepts (e.g., OWASP Top 10, authentication, authorization, input validation)
- Experience with application scanning tools, static/dynamic analysis, and/or container security
- Proficiency with scripting or programming languages (e.g., Python, Go, JavaScript)
- Acceptable background check
Responsibilities
- Design and implement security controls and best practices across the software development lifecycle, infrastructure, and deployment pipelines
- Collaborate with engineering teams to identify, assess, and mitigate security risks in applications, services, and infrastructure
- Conduct threat modeling, code reviews, and architectural reviews to ensure secure design and implementation of systems
- Monitor logs and telemetry from cloud systems to detect suspicious activity and support incident response
- Lead or contribute to security incident investigations, root cause analysis, and postmortems
- Build and maintain automated tools to detect vulnerabilities in code, dependencies, and cloud infrastructure
- Champion security improvements in CI/CD pipelines and deployment practices, ensuring secure-by-default environments
- Partner with DevOps/Cloud Operations to improve secrets management, access controls, and infrastructure hardening
- Maintain and evolve incident response and disaster recovery plans, ensuring preparedness and resilience
- Provide mentorship, training, and guidance to engineers on secure coding and architectural patterns
- Stay current with evolving security threats, tools, and industry trends, and proactively propose improvements to protect systems and data
- Communicate security risks and trade-offs to technical and non-technical stakeholders
- All other duties as assigned
Preferred Qualifications
- Preferred certifications include CISSP, OSCP, or relevant cloud security credentials (e.g., Certified Kubernetes Security Specialist (CKS) )
- Familiarity with SaaS environments and tools such as Okta, Google Workspace, Slack, and GitHub