Cloud Security Software Engineer

Job Title: Cloud Security Software Engineer, Threat Detection and Response

Locations: Newark, NJ

Salary: $130k – $180k

Job Summary

This is a role for an experienced Application Security Engineer who would relish the challenge of influencing and guiding the Engineering organization on the journey to web application, APIs, and mobile application security excellence.

Responsibilities:

• Contribute to the review and triage and resolution of security defects.
• Conduct risk evaluation and threat modeling for product features.
• Educate and build a culture of security primarily across the Product Engineering teams and also the entire organization.
• Define guidelines and standards for secure development, as part of a broader security knowledge base.
• Work closely with and provide guidance to the Product Engineering and SDET teams to define security requirements and automated security testing for all new features.
• Collaborate with the DevOps team to automate security scanning and testing and integrate automated security scanning into the build and deployment pipeline.
• Work with the Infrastructure and DevOps teams to ensure that the platform environments are secured in a manner that is repeatable and scalable.
• Detect and respond to security incidents.
• You will learn, grow professionally, contribute to an amazing team, and play a key role in building a DevSecOps culture that will allow Degreed to grow from a technology scale up to a world leading Product Company.

Qualifications:

• Minimum of 4 years of experience in software engineering and deep knowledge in modern languages and frameworks used to build API-based web applications i.e. C#, ASP.NET, JavaScript, TypeScript, Angular, Node etc.
• Commercial experience and strong focus on the security of web applications, APIs and mobile applications.
• Experience with OWASP, static/dynamic analysis, and common exploit tools and methods.
• Experience with SSO using SAML, OAuth, and OpenId Connect.
• Familiarity with cloud security controls and best practices.
• Experienced working remotely including proficiency to communicate over a text-based medium (Slack, GitHub Issues, Email) and can succinctly document technical details.