Senior Security Engineer

What You'll Do

• Code Security Leadership: Drive and own the strategic security roadmap for code integrity across development teams, setting and enforcing enterprise-wide standards.
• Quality Gate Ownership: Design and enforce security quality gates, conducting rigorous code reviews, manual runtime testing, and automated scans to certify feature releases.
• Vulnerability Management: Spearhead vulnerability triage processes, collaborating with bug bounty researchers and prioritizing remediation based on risk, severity, and business impact.
• Engineering Collaboration: Partner with engineering leadership to embed secure coding practices, mentor developers, and drive the resolution of complex security issues, leveraging past MERN stack development experience to guide secure implementation.
• Advanced Security Testing: Design and execute comprehensive security testing, including penetration testing, vulnerability analysis, and audits for new features, ensuring compliance with security requirements before production deployment.
• HTTP Protocol Mastery: Apply expert-level knowledge of HTTP to secure and optimize requests and responses, including headers, cookies, and caching mechanisms.
• Networking Expertise: Leverage in-depth understanding of networking concepts (DNS, HTTPS, firewalls) to architect secure application communication.
• Browser Security Leadership: Drive the implementation of advanced browser security mechanisms, such as Content Security Policy (CSP), CORS, and secure cookie handling.
• Incident Response Leadership: Lead investigations into complex security incidents, performing root cause analysis and implementing robust preventative measures.
• Security Documentation: Author and maintain comprehensive security documentation, including policies, procedures, and system configurations, to support compliance and operational excellence.

What You'll Bring

• Prior experience as a MERN stack developer, with hands-on expertise in building and maintaining applications using MongoDB, Express, React, and NodeJS.
• Extensive experience with the MERN stack (MongoDB, Express, React, NodeJS) and securing applications in AWS environments.
• Proven expertise in managing DAST/SAST tools and handling vulnerability reports from bug bounty programs.
• Advanced knowledge of HTTP protocols, including headers, cookies, and browser behaviors.
• Deep expertise in software security principles, secure development practices, and modern web technologies (REST APIs, JSON, OAuth).
• Strong proficiency in networking fundamentals, including DNS, HTTPS, and TCP/IP.
• Demonstrated ability to identify and mitigate advanced security vulnerabilities (e.g., OWASP Top 10 and beyond).
• Extensive experience with security testing tools like Burp Suite or similar.
• Exceptional problem-solving, analytical, and leadership skills with a focus on detail and impact.

Preferred Qualifications

• Certifications such as CISSP, CEH, or Offensive Security certifications (OSCP, OSWA, OSWE).
• PortSwigger Academy Certification and/or significant experience with their labs.
• Extensive experience with HackTheBox or similar advanced security labs.
• Deep expertise in cloud security, particularly within AWS, including secure architecture design.
• Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, SOC 2).
• Experience mentoring junior engineers or leading security training initiatives.