Sr. Security Engineer
910 E Hamilton Ave, Ste 500 Campbell, CA 95008
Sr. Security Engineer
6 months plus Contract or Contract-to-hire
We are looking for an experienced Software Engineer with a background in applications security to develop and secure large-scale distributed systems. You will be a key contributor to Digital Health & Analytics’ next generation data platform and will be responsible for delivering secure high-performance services.
Principal Duties and Responsibilities include but are not limited to:
- Research, design and apply advanced security techniques
- Design and engineer cloud security services and infrastructure
- Develop advanced security and cryptographic systems
- Build large-scale detection systems
- Integrate automated security testing capabilities into an evolving CI/CD program
- Performing on-going security testing and code review to improve software security
- Troubleshooting and debugging issues that arise
- Consult team members on secure coding practices
- A focus on security, recoverability and scalability in all designs and solutions
- BS or MS degree in engineering, computer science, or related field
- 4+ years direct experience with the technologies and duties of this position
- Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Professional experience developing and securing cloud-based applications
- Professional experience designing secure Docker containers according to best practices
- Professional experience with monitoring tools
- A passion for learning and keeping up to date with the latest tools and technologies
- A strong work ethic and attention to detail.
Good-to-have below skills
- Network level security experience, in particular: SSL/TLS certificate, Public Key Encryption (EPKE)
- Data encryption, Security Assertion Markup Language (SAML), Single sign-on(SSO), rule based access control (RBAC)
- Strong understanding of Web Application vulnerabilities (OWASP) and attacks.
- Ability to translate traditional information security best practices and defense in depth approaches to virtualized/cloud-based environments.
- Container orchestration technologies like Kubernetes, ECS, etc.
- Continuous integration and continuous deployment tools (Jenkins)
- Building or managing a micro service architecture a plus