Senior Security Engineer
This job is being posted to the TAO job board because it is potentially open to remote candidates. Feel free to contact me if you’d like to learn about Optimizely before applying. I am a PDX-based remote Optimizely employee. Josh.Schoonmaker@Optimizely.com
Security is in the foundation of over 9,000 customers’ trust in Episerver. In this role, you will help lead our security program that enables security being baked into all of the products and infrastructure built at Episerver. The responsibilities of this role are a blend of security engineering, software engineering and project management. If you’re a senior level security engineer looking to get into a leadership position, this is a great opportunity for you to have impact across a global engineering organization and build a world-class security program.
- Help lead the software security program at Episerver- ensure that security is baked in to everything we build at every step of the software development lifecycle
- Maintain our software security awareness program and ensure 100% of engineers stay informed annually of top security risks and best practices
- Create security policy, standards, procedures and guidelines for engineering
- Perform security reviews of Product Designs, and Technical designs
- Measure and grow security maturity across the business
- Assist in the triage of security issues and provide recommended fixes
- Work across teams to facilitate independent security assessments and penetration tests
- Evaluate new tools, processes, and frameworks; Drive adoption of the best ones
- Maintain a high level view of security posture, and gaps with a focus on driving down risk in critical areas.
- Software engineering, or cloud engineering background at a SaaS company. You may not be coding often, but you will need to be comfortable reviewing and discussing code with a diverse set of engineers
- Familiarity with cloud security, particularly AWS and Azure Security concepts. You will be collaborating with the Reliability Engineering organization to bake AWS, Azure and GCP security best practices into our infrastructure.
- Experience with security activities throughout the software development lifecycle- design reviews, threat modeling, code reviews, tooling, penetration testing, incident response. You will act as the Security Partner for one or more Engineering teams to facilitate these practices.
- Able to influence without authority and have excellent teamwork skills
- Exceptionally clear communication skills- you'll need to communicate effectively and build relationships with all levels and roles at Episerver
- Worked in a fast growth startup environment
- Implementing software security programs like the Security Development Lifecycle at a SaaS company
- Must be proficient in at least one language such as Python, Java, or Golang
- An understanding of common application security problem spaces, and frameworks to mitigate or remediate
- Thorough knowledge of OWASP Top 10
- Deep knowledge of cloud security concepts and applications
- Bachelor’s Degree in Computer Science or equivalent experience