Lead Security Engineer (Remote - US)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Lead Security Engineer in the United States.

The Lead Security Engineer will guide and enhance enterprise security initiatives to ensure a modern, secure, and resilient user experience. This role focuses on driving application security programs, partnering with cross-functional teams, and implementing effective risk management strategies. You will influence security architecture, perform threat modeling, and ensure vulnerabilities are identified and mitigated. The position involves hands-on security code review, automation of security processes, and continuous improvement of security operations. Working in a collaborative and innovative environment, you will shape the organization’s security posture and contribute to meaningful projects that directly impact users and business outcomes. Flexible work arrangements allow you to operate where you work most effectively while leading enterprise security efforts.

Accountabilities

• Lead security initiatives across applications, infrastructure, and DevSecOps pipelines from design through implementation.
• Perform threat modeling and vulnerability assessments to inform secure application design.
• Conduct security code reviews to validate adherence to best practices and identify potential risks.
• Triage vulnerabilities, recommend remediation strategies, and implement mitigation plans.
• Collaborate with engineering teams to ensure secure development and deployment practices.
• Optimize security processes using SLAs, severity frameworks, and automation tooling.
• Purple team applications to demonstrate attack vectors and enhance defensive strategies.
• Research, evaluate, and implement state-of-the-art security tools and processes.

• Proven experience delivering application security programs and driving enterprise security initiatives.
• Strong understanding of engineering-focused remediation and mitigation strategies for security vulnerabilities.
• Experience with DevSecOps, product engineering, security engineering, and cross-functional collaboration.
• Familiarity with cloud environments and infrastructure security, including AWS, Kubernetes, CI/CD pipelines, Terraform, and CloudFormation.
• Knowledge of health data protection and security best practices.
• Experience securing applications built on Ruby on Rails, JavaScript, and GraphQL.
• Proficiency with penetration testing tools such as Burp Suite.
• Familiarity with industry security frameworks and standards, including SOC2, PCI, HIPAA, HITRUST, and NIST.
• Strong analytical, problem-solving, and communication skills.
• Preferred: experience automating security processes and working in regulated environments.