Senior Security Engineer

Job not on LinkedIn

3 days ago

Apply Now

Receive Emails with Similar Jobs

Distro

WebsiteLinkedInAll Job Openings

HR Tech • Recruitment • SaaS

Distro is an AI-driven recruiting platform designed to automate and streamline the hiring process for companies of all sizes. By leveraging smart automation, Distro helps teams quickly vet resumes, conduct structured video interviews, and match candidates to job requirements, enabling efficient and effective hiring. Catering to startups, remote-first companies, and enterprise talent teams, Distro enhances recruitment by reducing manual tasks and facilitating international hiring through its employer of record services.

1 - 10 employees

Founded 2021

👥 HR Tech

🎯 Recruiter

☁️ SaaS

📋 Description

• Lead the planning and execution of offensive security testing across web applications, APIs, infrastructure, and networks. • Conduct manual and automated penetration testing and vulnerability assessments; document findings and guide remediation. • Work with DevOps, architects, and engineering leads to embed security throughout CI/CD, infrastructure, and data workflows. • Plan and run regular security audits and threat modeling sessions; coordinate with third-party firms when needed. • Proactively identify and resolve security gaps in complex, custom systems spanning cloud and on-prem environments. • Design, implement, and maintain security controls, tooling, and detection capabilities that scale with the business. • Develop roadmaps for security certifications (e.g., HIPAA, SOC 2, ISO 27001) and lead technical implementation efforts. • Manage incident response procedures, conduct postmortems, and implement long-term prevention measures. • Create and maintain high-quality documentation for security processes, infrastructure risks, and compliance status. • Stay current on threat landscapes, tools, and best practices relevant to ecommerce, health data, and hybrid infrastructures.

🎯 Requirements

• 5+ years of experience in security engineering, DevSecOps, or infrastructure security roles. • Deep technical understanding of cloud security (AWS, OCI) and on-prem environments. • Experience with container security, CI/CD hardening, key/secret management, and secure software development practices. • Hands-on experience with security audits and penetration testing, whether conducted in-house or via third parties. • Proven ability to create and execute security certification roadmaps (SOC 2, HIPAA, ISO 27001, etc.). • Strong documentation practices; able to write clear runbooks, security policies, and architecture diagrams. • Comfortable working in highly customized, complex environments. • Strong understanding of Linux, networking, authentication, and monitoring. • Ability to operate autonomously while collaborating across multiple disciplines and technical stacks. • Experience using AI or ML tools to enhance security initiatives, such as accelerating threat detection, automating security monitoring, improving anomaly detection, or integrating AI-driven platforms into incident response workflows. • Nice to Have • Experience with security in regulated environments such as healthcare, biotech, or genomics (e.g., HIPAA, GINA, 21 CFR Part 11), ideally within rapidly scaling consumer health or healthtech platforms handling sensitive user data. • Familiarity with securing ecommerce platforms, including fraud prevention and secure checkout workflows. • Hands-on experience with penetration testing tools (e.g., Burp Suite, Metasploit) or managing third-party pen test vendors. • Security certifications such as CISSP, OSCP, or AWS Certified Security – Specialty.