Security Engineer Job Descriptions, Average Salary, Interview Questions

As a Backend Security Engineer, you’ll be seeking out security issues, finding solutions, and implementing fixes in the ABC Company server infrastructure. The ideal candidate has experience securing consumer product server APIs and a passion for virtual reality. If you’re interested in seeking out exploits and stomping them out, then this role could be right up your alley.

Job & team impact

Your work will directly impact the user experience for millions of ABC Company users. Vulnerabilities in ABC Company’s server infra can lead to a negative impact on a user’s experience in ABC Company and your job is to keep that from happening!

Duties & responsibilities

• Take the lead in finding and fixing security vulnerabilities in the ABC Company server infrastructure
• Collaborate with various teams to assess, design, and fix security-critical code
• Help architect Safety by Design features within the ABC Company platform

Experience, skills & qualifications

• 3+ years experience in securing consumer-facing backend stacks
• Have experience with using cloud providers at scale, such as AWS or Google Cloud
• Be able to work in a variety of languages, especially Node.js, Golang, and C#
• Strong cross-team communication skills

Preferred qualifications

• Demonstrated interest in VR, online communities, or be a ABC Company user and creator! Knowing how our platform and community works will be extremely helpful for this role
• Experience working on a “live” app, shipping frequent updates and responding to user feedback

We are looking to hire a security engineer to cover the technical aspects of the application and cloud security. You will be joining as the first security engineer in a security team of three people, therefore you will have complete freedom and responsibility to influence our tooling, processes, and direction. You will work closely with our product, engineering, and infrastructure teams to collaborate on security-related topics and evangelize security best practices.

You will be reporting to ABC Company’s Director of Security and Compliance who oversees everything related to our security, privacy, and compliance obligations.

Responsibilities:

• Investigate web application security vulnerabilities found by penetration testers and automated scanning tools. Reproduce the issues, determine the business impact, implement a fix, and respond to the original report
• Scope and manage our third-party penetration tests and HackerOne bug bounty program
• Build on our current application security scanning tools of Brakeman, Dependable, and Beagle Security to increase test coverage and accuracy of findings
• Consult on engineering projects before work begins to ensure security, privacy, and compliance considerations are scoped into the work. Provide guidance and best practices for the secure implementation of features
• Improve our monitoring and logging capabilities to enhance our ability to detect suspicious behavior, and decrease incident response time
• Respond to potential incidents by analyzing logs using tools such as Datadog and working with our customer success team to communicate the correct message to customers
• Review cloud infrastructure deployments and configuration changes for security issues in platforms such as AWS, Heroku, and GCP

Qualifications:

• Excellent communication skills, in writing and verbally. You’ll be able to work asynchronously and summarize complex concepts for non-technical people to understand. You’ll be confident in creating short videos to explain ideas and share security knowledge with others in the company.
• Experience writing and reviewing ruby, rails, and javascript code to find and fix security issues
• Implemented new security features within applications, and have experience building and using security automation and monitoring tools
• A strong understanding of security architecture, risk analysis, network security, identity management, and security monitoring
• Worked with engineering teams to provide guidance and best practices for the secure implementation of new features
• Experience of penetration testing and looking for vulnerabilities in applications
• A keen interest in staying up to date with the latest application security vulnerabilities, tools, and best practices, and sharing your knowledge with others

Our company operates on the singular premise of keeping the world safe from cyber threats. We fight this arms race by using cutting-edge technology and the most up-to-date security protocols. The best technology in the world won’t go as far as the person using it, however. This is why we search for best-in-class security engineers who can use these tools to their full potential. 

We believe that a company should feel confident doing business online, and their customers should feel safe using their services. We want to create a world where everyone can operate freely and securely in the online marketplace without the risk of compromises or fear of security breaches. If you have a passion for cybersecurity, and you have the right mindset and commitment to our mission, we would love to hear from you!

Typical duties and responsibilities

• Constantly stay up to date on the latest security and technology trends within the cybersecurity field
• Research and develop protocols for old and emerging threats
• Design and implement disaster recovery plans, as well as general contingency plans for security breaches
• Monitor company traffic within guidelines and expectations and investigate potential intrusions, attacks, or unusual activity
• Test and evaluate current security
• Design and maintain an IRP for the company
• Use standard analytical tools to detect and prevent vulnerabilities and discover threat pattern
• Participate in ethical hacking white hat simulations against the company
• Maintain company firewalls and encryption as first lines of defense
• Control access management for staff and guests
• Participate in meetings and present recommendations/concerns to management and stakeholders

Education and experience

• Bachelor’s degree in computer science, cybersecurity, engineering, or related field
• Minimum 3 years experience in a cybersecurity position

Required skills and qualifications

• Outstanding verbal and written communication skills
• Excellent attention to detail
• Working understanding of cybersecurity toolsets and detection and prevention systems
• Fluent in common programming languages
• Excellent organizational skills and time management

Preferred qualifications

• Experience administering access within Linux and Windows systems
• Experience working in a SOC
• Experience with creating diagrams, infographics, workflows, and other presentation points
• Experience with Splunk and EPS
• Experience delivering presentations to a wide variety of audiences and distilling useful information into understandable formats

We’re looking for a Remote Security Engineer in the U.S. to join ABC Company. The Security Engineer will work in the ABC Company Cloud Protection and Licensing (CPL) business, securing the world’s cryptographic infrastructure – the keys, the algorithms, and the business logic. We are safeguarding some of the biggest names in technology and are securing over 80% of the world’s banking transactions. Our security engineers are part of a global team supporting product development as subject matter experts in topics such as threat modeling, security architecture, secure coding, cryptography, and vulnerability assessment. We assist in all elements of product security; help teams make risk-based decisions, and educate and elevate the security maturity of the teams in a manner that will scale.

Responsibilities

• Work closely with security champions and product teams to enable and support risk-based decision-making that pragmatically balances security, performance, and compliance to ensure that products are not just secure, but usable for real world use case
• Act as a subject matter expert on projects and initiatives relating to security
• Train the engineering organization to improve their security maturity, awareness, and judgement during all phases of product development
• Contribute to the development of a high quality product security program
• Stay abreast of the evolving threat landscape
• Explore security topics that interest you and develop your skills in those areas

Required skills and experience

• Bachelor’s degree in information security, information technology, computer science, computer engineering, or another equivalent field of study; or equivalent work experience
• 2+ years of experience in application security
• 2+ years of experience in solving challenging security problems using knowledge and/or skills in one or more of the following areas:
• Threat Modeling and Risk Assessment
• Cryptography & Secure Protocols
• Vulnerability Assessments/Penetration Testing
• Tool Assisted & Manual Code Reviews
• Vulnerability Management
• Secure Development Lifecycles
• Effective oral and written communications skills
• Ability to collaborate successfully in a team environment, be sensitive to needs of the teams, and effectively develop relationships across disciplines
• Travel: 25%

Preferred qualifications

• Smarts, curiosity, humility, and a positive personality; an open-minded approach to work; and equal willingness to both learn and teach
• A desire for learning and understanding the security discipline, and a commitment to sharing with the community
• Experience with security of IoT devices, embedded systems, or HSMs
• Understanding or experience with hardware security and attack techniques such as physical tampering, counterfeiting, side-channel attacks, or glitching
• Experience in developing, deploying, and/or automating security tools to identify security flaws in products
• Experience with security testing, CICD Pipelines, and automation
• Experience with software development, modern programming and frameworks, and agile development practices
• Professional experience building products in at least one high-level programming language
• Knowledge of how to read (and break) code in languages such as C/C++, Java, or Go
• Experience with web application security technologies, frameworks, protocols, API Security, mitigation techniques, and potential pitfalls
• Experience with cloud deployments, GCP or other cloud platforms, cloud technologies such as Kubernetes, and relevant security concepts