Senior Security Engineer
Department: 508 Production Operations
Employment Type: Full Time
Location: Remote, United States of America

Description

We are seeking a Senior Security Engineer with a strong background in application security and penetration testing to join our team. This person will be responsible for safeguarding our SaaS platform and performing security testing on behalf of our clients. The role requires a balance of software engineering expertise, hands-on security testing, and strong communication skills to work with both internal teams and external stakeholders.

Key Responsibilities

• Plan, execute, and document penetration tests against applications, APIs, and cloud infrastructure in a SaaS environment.
• Simulate real-world attacks to identify vulnerabilities and provide clear remediation guidance to development teams.
• Partner with product and engineering teams to embed security throughout the SDLC.
• Conduct threat modeling and security architecture reviews for new features.
• Conduct code reviews with a focus on secure coding practices.
• Manage and operate security tools for vulnerability scanning, SAST/DAST, and log monitoring.
• Support compliance, risk assessments, and client security reviews.
• Provide training and guidance on secure design, coding, and deployment.

Skills, Knowledge & Expertise

• BS degree or above in Computer Science, Information Security, or related field (or equivalent experience).
• Certified Application Security Engineer (CASE) Java certification.
• Proven experience in penetration testing, red teaming, or ethical hacking in SaaS/cloud environments.
• Good knowledge of Java and Java Enterprise technologies (architecture, design, development).
• Strong programming, debugging, and optimization skills; solid understanding of OOP fundamentals.
• Experience with Spring MVC / Spring Boot, Hibernate / JPA, DB schema design, caching services, and data access technologies.
• Familiarity with Cloud Foundry, Kubernetes, Docker, and securing containerized applications.
• Hands-on with cloud platforms (AWS, Azure, or GCP), including cloud security controls.
• Knowledge of authentication, authorization, encryption, and secure API design.
• Experience with penetration testing tools (Burp Suite, Metasploit, Kali, etc.) and vulnerability scanners.
• Understanding of common vulnerabilities (e.g., OWASP Top 10, SANS 25).
• Strong written/verbal communication skills to document findings and present results to clients and stakeholders.
• Excellent teamwork and collaboration skills; proactive and flexible self-starter.
• Fluent in English (oral and written).