Remote Security Engineer

Description:

• As a Security Engineer at Air Apps, you will be responsible for safeguarding our applications, infrastructure, and data from threats and vulnerabilities.
• You will work closely with development, DevOps, and IT teams to implement secure coding practices, vulnerability scanning, and threat modeling to ensure our systems remain resilient against cyber threats.
• Your expertise will help build and maintain a secure development lifecycle (SDLC), security monitoring frameworks, and proactive risk mitigation strategies.
• Responsibilities include developing and implementing threat modeling to identify security risks, conducting vulnerability scanning, penetration testing, and security assessments to detect weaknesses.
• You will define and enforce secure coding practices in collaboration with development teams and work with DevOps to integrate security into CI/CD pipelines and automate security testing.
• Monitoring and responding to security incidents, conducting root cause analysis, and implementing preventative measures will also be part of your role.
• You will ensure compliance with security standards and regulations such as ISO 27001, GDPR, and SOC 2.
• Designing and implementing identity and access management (IAM) policies, encryption standards, and authentication mechanisms will be required.
• Collaborating with product teams to conduct security reviews of features, APIs, and third-party integrations is essential.
• You will develop incident response plans, security documentation, and best practices while staying ahead of emerging threats, vulnerabilities, and security technologies.

Requirements:

• You should have around 4+ years of experience in cybersecurity, application security, or security engineering.
• A strong knowledge of secure coding principles, OWASP Top 10, and threat modeling techniques is required.
• Experience with vulnerability scanning tools such as Nessus, Qualys, and Burp Suite, as well as penetration testing methodologies, is necessary.
• Hands-on experience with SIEM, intrusion detection systems (IDS), and security monitoring tools is expected.
• Proficiency in scripting and automation using Python, Bash, or PowerShell for security tasks is essential.
• Familiarity with cloud security in AWS, Azure, or GCP, including IAM and workload protection, is required.
• Knowledge of encryption protocols, network security, and API security best practices is necessary.
• Experience working with DevSecOps and integrating security into CI/CD pipelines is important.
• You should have the ability to analyze security logs, detect anomalies, and mitigate potential threats.
• Excellent problem-solving skills and the ability to communicate security concepts to non-technical stakeholders are essential.

Benefits:

• We offer a remote-first approach with flexible working hours to support your work-life balance.
• You will receive Apple hardware as part of our work ecosystem.
• Flexible Paid Time Off (PTO) is provided to help you maintain a healthy work-life balance.
• An annual bonus is included as part of the compensation package.
• Top-tier health insurance is offered for your peace of mind.
• A public transportation pass is provided to support your commuting needs.
• The Coverflex benefits package includes meal allowances, well-being support, and more.
• You will have the opportunity to attend the Air Conference 2025 in Las Vegas, allowing you to meet the team, collaborate, and grow together.