Software Security Engineer

Software Security Engineer Job Description Template

Our company is looking for a Software Security Engineer to join our team.

Responsibilities:

  • Perform deep architecture and security reviews on highly complex products to identify vulnerabilities;
  • Develop and implement automation to eliminate entire classes of weaknesses across the organization;
  • Influence and assist engineering teams in feature design, threat modeling, and security-critical code and architecture;
  • Champion Application and Information Security both within the organization and with our customers;
  • Improve existing infrastructure and protections for Wish users;
  • Identify security gaps and vulnerabilities through SAST, DAST, SCA, threat modeling, penetration testing, code/design review;
  • Bake security into every stage of the software development lifecycle;
  • Design and implement tools to secure applications in a service-oriented architecture;
  • Evangelize security best practices to the wider engineering organization;
  • Build frameworks that other engineers can leverage to create secure services;
  • Develop custom tools and automations that enable DevSecOps and SecOps;
  • Evaluate and integrate security tools and solutions to improve corporate and product security posture;
  • Protect Backend/Mobile/Web applications, Cloud infrastructure, and on-prem/SaaS IT systems.

Requirements:

  • Experience working with cryptographic libraries and APIs;
  • Strong grasp of networks and network security;
  • 5+ years of professional experience;
  • Interest in developing primarily in Node;
  • Strong programmer;
  • Experience testing and deploying cryptographic tools;
  • Strong grasp of systems security fundamentals;
  • Ability to juggle multiple responsibilities and prioritize automation over manual process;
  • Expertise in one or more of the following areas: IT/Cloud/Application security;
  • Strong foundation of security principles, protocols, vulnerabilities, and countermeasures;
  • Experience in developing production-level software at scale;
  • Demonstrated proficiency with development tools (e.g. Gradle, Jenkins) and languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript);
  • Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI);
  • Understanding of distributed systems and secure software architecture;
  • 5 years of relevant professional experience.