Remote Senior Staff Security Engineer (Architect), Remote

Description:

• The Senior Staff Security Engineer (Architect) will be responsible for designing, implementing, and maintaining security services that support the business.
• This role requires a deep understanding of application security, security tools, engineering environment setup, and data architecture.
• The Security Architect will work cross-functionally to ensure the security of the digital landscape and drive impactful outcomes.
• Application Security: Design and deploy advanced security controls to safeguard applications, establish secure Software Development Life Cycle (SDLC) and DevSecOps processes, conduct code reviews, threat modeling, and vulnerability assessments using Static/Dynamic Application Security Testing (SAST/DAST) methodologies and tools, and implement security controls for web-based SaaS applications, including API Security and Web Application Firewalls (WAF).
• Security Tools: Evaluate, deploy, and maintain a suite of security tools, including SIEM, IDS/IPS, DLP, endpoint protection, and threat intelligence platforms, integrate security tools into the organization’s infrastructure, and automate security processes using scripting languages such as Python and PowerShell.
• Engineering Environment Setup: Work with IT, DevOps, and engineering teams to ensure secure deployment and operation of applications within Cloud Native environments (AWS, Azure, GCP), develop automated security testing and validation systems using tools like Terraform and CloudFormation, and shape security services strategy and execution across disciplines.
• Data Architecture: Architect and develop secure data systems, ensuring the protection of sensitive data such as Electronic Health Records (EHR) and Clinical data, implement and manage tools for continuous vulnerability scanning and patch management, and leverage data to understand trends, metrics, and opportunities to improve security posture.

Requirements:

• A BS/BTech (or higher) in Computer Science, Information Technology, Cybersecurity, or a related field, or 10 years of security domain experience without a degree is required.
• A minimum of 6 years of experience in securing and deploying applications within Cloud Native environments is necessary.
• At least 3 years of experience in a dedicated application security role is required.
• Extensive experience with security tools and methodologies is essential.
• Proficiency in coding languages such as Python, R, C++, and JavaScript is required.
• Strong familiarity with server-side web technologies (e.g., Java, Python, Scala, C#, C++, Go) is necessary.

Benefits:

• Flexible work schedules and the ability to work remotely are available for many roles.
• Health, dental, and vision insurance is paid up to 80% for employees, dependents, and domestic partners.
• A robust time-off plan includes 21 days of PTO in the first year, two paid volunteer days, and 11 paid holidays.
• Twelve weeks of paid parental leave is provided for all new parents.
• Six weeks of paid sabbatical is available after six years of service.
• An Educational Assistant Program and Clinical Employee Reimbursement Program are offered.
• A 401(k) plan with up to a 4% match is available.
• Stock options and many other benefits are included.