Software Security Engineer Job Description Template
Our company is looking for a Software Security Engineer to join our team.
Responsibilities:
- Perform deep architecture and security reviews on highly complex products to identify vulnerabilities;
- Develop and implement automation to eliminate entire classes of weaknesses across the organization;
- Influence and assist engineering teams in feature design, threat modeling, and security-critical code and architecture;
- Champion Application and Information Security both within the organization and with our customers;
- Improve existing infrastructure and protections for Wish users;
- Identify security gaps and vulnerabilities through SAST, DAST, SCA, threat modeling, penetration testing, code/design review;
- Bake security into every stage of the software development lifecycle;
- Design and implement tools to secure applications in a service-oriented architecture;
- Evangelize security best practices to the wider engineering organization;
- Build frameworks that other engineers can leverage to create secure services;
- Develop custom tools and automations that enable DevSecOps and SecOps;
- Evaluate and integrate security tools and solutions to improve corporate and product security posture;
- Protect Backend/Mobile/Web applications, Cloud infrastructure, and on-prem/SaaS IT systems.
Requirements:
- Experience working with cryptographic libraries and APIs;
- Strong grasp of networks and network security;
- 5+ years of professional experience;
- Interest in developing primarily in Node;
- Strong programmer;
- Experience testing and deploying cryptographic tools;
- Strong grasp of systems security fundamentals;
- Ability to juggle multiple responsibilities and prioritize automation over manual processes;
- Expertise in one or more of the following areas: IT/Cloud/Application security;
- Strong foundation of security principles, protocols, vulnerabilities, and countermeasures;
- Experience in developing production-level software at scale;
- Demonstrated proficiency with development tools (e.g. Gradle, Jenkins) and languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript);
- Familiarity with cryptographic primitives and fundamentals (e.g. SSL/TLS, PKI);
- Understanding of distributed systems and secure software architecture;
- 5 years of relevant professional experience.