Remote Information Security Engineer

Description:

• The Information Security Engineer will help drive and implement the company’s application security program.
• This position works closely with Engineering, DevOps, Product, and other team leads across the organization to build security into the product lifecycle from design through deployment.
• Daily tasks may include performing security reviews, educating the business on secure SDLC, collaborating with development teams on threat modeling, working with engineers to remediate identified risks, or managing application security tools.
• The role involves securing a large spectrum of sensitive and highly regulated data, ensuring compliance with regulations, internal policies, and customer requirements.
• Key responsibilities include evangelizing application security fundamentals, implementing and leveraging SAST/DAST/SCA security tools, guiding security activities, triaging application risks, collaborating with engineering, generating AppSec metrics, making recommendations on development processes, creating technical documentation, and contributing to security awareness training.
• The engineer will also develop scripts and tools to automate repetitive security tasks and build custom solutions to integrate security tools with existing systems.

Requirements:

• A Bachelor's degree in Cyber Security, Management Information Systems, Computer Science, Information Science, or equivalent work experience is required.
• A minimum of 5 years of related work experience in the Application Security field is necessary.
• A strong understanding of Cloud Security in AWS, specifically IAM Roles Policies, Security Groups, and Encryption methodologies is essential.
• Strong communication and relationship-building skills are required, with a high degree of comfort speaking with developers, IT executives, and business partners.
• Proficiency in coding/scripting languages such as Python and Go is needed.
• Significant experience in performing security-focused application design reviews, threat modeling, manual code reviews, container security, and ethical hacking is required.
• Experience implementing and working with SAST/DAST/SCA security tools is necessary.
• Deep knowledge of security vulnerabilities, risk assessment, and remediation guidance is essential.
• Knowledge of authentication and authorization options and standards is required.
• Strong experience using common security testing tools and techniques for security assessments, particularly in web or mobile penetration testing, is necessary.
• Familiarity with modern web, mobile, and API development practices is required.
• The ability to read and write code in at least one programming language is essential.
• Knowledge of CI/CD practices and experience incorporating security requirements into a SDLC is necessary.

Benefits:

• Competitive compensation and benefits are offered to employees.
• The company fosters an environment where innovation thrives and every contribution is valued and celebrated.
• Employees are empowered with flexibility and resources to expand their skills.
• The work done at G-P positively impacts lives around the world, contributing to the mission of breaking down barriers to global business.
• G-P is committed to building and maintaining a diverse, equitable, and inclusive culture that celebrates authenticity.