Senior Security Engineer, GenSec

About This Role

This Senior Security Engineer role is pivotal in shaping the security and resilience of GoodLeap's corporate systems, products, and operational processes. The position will involve working closely with various teams to ensure the safety and resilience of enterprise systems, products, and services.

Responsibilities

• Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes
• Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements
• Support or develop components of the security analytics platform
• Contribute to investigations, threat hunting, and incident response activities in a supporting role
• Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee
• Support the security operations team with the vulnerability management lifecycle for products and services under your purview
• Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities

Requirements

• Strong communication skills with ability to lead technical architecture discussions and communicate effectively with non-technical audiences
• Expertise in agile product lifecycles, understanding of how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization
• Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments
• Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM
• Proven ability to establish credibility and build trust with business, engineers, and operational staff
• Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce
• Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases
• Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault
• Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments
• Experience engaging with vendors in design partnerships
• Experience overseeing vulnerability and threat management at the platform and application levels
• Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement
• Ability to balance a high-level view of security strategy with attention to detail

Nice to Have

• Experience in a product manager or engineering manager role
• Knowledge of GCP and/or Azure

Skills

* Required skills