Lead Security Engineer (Remote - US)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Lead Security Engineer in the United States.

As a Lead Security Engineer, you will play a key role in strengthening the organization’s cybersecurity posture and ensuring a secure experience for users across platforms. You will oversee the design and implementation of advanced security frameworks, tools, and practices, working closely with product and engineering teams to mitigate risk and embed security throughout the software lifecycle. This position offers the opportunity to influence security strategy, drive technical excellence, and lead complex security initiatives from concept to execution. Ideal candidates are passionate about proactive defense, automation, and continuous improvement, thriving in environments that value innovation and collaboration.

Accountabilities

• Lead and mature security initiatives to ensure protection from design through implementation.
• Conduct threat modeling to guide product and application design decisions.
• Perform in-depth code reviews to detect vulnerabilities and ensure compliance with best practices.
• Identify and triage application vulnerabilities while proposing effective remediation strategies.
• Conduct purple team exercises to simulate and counter attack vectors.
• Develop and optimize automated security processes, tools, and monitoring systems.
• Implement frameworks for severity levels, SLAs, and remediation workflows.
• Collaborate with cross-functional teams to integrate security principles into engineering workflows.

• Proven experience leading and implementing successful application security programs.
• Strong background in partnering with cross-functional engineering and product teams.
• Expertise in designing remediation strategies and mitigating security vulnerabilities.
• Deep understanding of DevSecOps, AppSec, and modern cloud environments.
• Experience with AWS, Kubernetes, CI/CD pipelines, Terraform, and CloudFormation.
• Familiarity with security and compliance standards such as SOC2, PCI, HIPAA, HITRUST, and NIST.
• Experience protecting sensitive data, particularly in healthcare or regulated industries.
• Knowledge of securing Ruby on Rails, JavaScript, and GraphQL applications.
• Hands-on experience with penetration testing tools such as Burp Suite.
• Strong analytical mindset, problem-solving ability, and attention to detail.