Security Engineer (Remote - US)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Security Engineer in the United States.

This role offers an exciting opportunity to shape and strengthen the security posture of modern cloud-native applications. You will work closely with engineering, DevOps, and SRE teams to embed security practices across the software development lifecycle, proactively identify and mitigate risks, and ensure compliance with industry standards. The Security Engineer will operate in a hands-on, technical capacity, integrating security tooling, performing threat modeling, and guiding secure architecture practices. By driving secure-by-design patterns and DevSecOps enablement, this role directly contributes to safer, more resilient applications and infrastructure. Collaboration, problem-solving, and a strong technical mindset are critical to success, along with a commitment to continuously evolving security capabilities.

Accountabilities

·         Define, monitor, and continuously improve standards for application and cloud security tools, including WAFs, SAST, DAST, SCA, IaC scanners, and CNAPP platforms.

·         Conduct threat modeling, architecture reviews, and code assessments to identify and remediate security risks.

·         Guide secure design practices for services, APIs, encryption, key management, and secure protocols.

·         Collaborate with product and engineering teams to review designs and code for security considerations.

·         Harden cloud environments (AWS, optionally Azure/GCP) with IaC templates, guardrails, and CSPM/CNAPP controls.

·         Integrate and automate security tooling within CI/CD pipelines and develop scripts to streamline scanning, reporting, and provisioning.

·         Triage vulnerabilities from multiple sources, manage incidents, and maintain clear audit trails.

·         Support compliance and audit activities, including SBOMs, logging, and monitoring.

·         Establish security KPIs, dashboards, and reporting frameworks to track program maturity and remediation progress.

·         Evaluate and recommend new security tools, technologies, and frameworks to strengthen organizational security posture.

Minimum Qualifications:

·         3+ years of experience in Security Engineering, Cloud Security, or Application Security roles.

·         Strong proficiency in SDLC and DevSecOps practices for cloud-native environments (microservices, containers/Kubernetes, serverless, IaC).

·         Hands-on experience with AppSec tools (SAST, DAST, SCA, IaC/container scanning, CNAPP, WAF).

·         Solid understanding of cloud architecture, networking, and security (AWS expertise required).

·         Experience with IaC tools (Terraform, CloudFormation) and CI/CD pipelines (GitHub, GitLab, CircleCI).

·         Familiarity with security standards and frameworks (OWASP Top 10, ASVS, NIST SSDF, CIS Benchmarks, ISO 27001, SOC 2).

·         Scripting or automation skills (Python preferred).

·         Excellent communication and collaboration skills to simplify technical risk for diverse audiences.

Preferred Qualifications:

·         WAF engineering experience (policy tuning, bot mitigation, blue/green rollout).

·         Knowledge of software supply chain security (SBOMs, signing, provenance).

·         Experience securing APIs and containerized workloads.

·         Relevant certifications such as CISSP, CSSLP, GWAPT, GCSA, or Cloud Security certifications (AWS/GCP/Azure).

·         Bachelor’s degree in Computer Science, Engineering, or related field.