Distro is a marketplace to find, hire, and pay technical talent in over 200 countries. Join now for free.

Senior Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteTeam 1-10Since 2021H1B SponsorCompany Site LinkedIn

Location

United States

Posted

103 days ago

Salary

$115K - $145K / year

Bachelor Degree5 yrs expEnglishAWSCloudLinux

Job Description

• Lead the planning and execution of offensive security testing across web applications, APIs, infrastructure, and networks. • Conduct manual and automated penetration testing and vulnerability assessments; document findings and guide remediation. • Work with DevOps, architects, and engineering leads to embed security throughout CI/CD, infrastructure, and data workflows. • Plan and run regular security audits and threat modeling sessions; coordinate with third-party firms when needed. • Proactively identify and resolve security gaps in complex, custom systems spanning cloud and on-prem environments. • Design, implement, and maintain security controls, tooling, and detection capabilities that scale with the business. • Develop roadmaps for security certifications (e.g., HIPAA, SOC 2, ISO 27001) and lead technical implementation efforts. • Manage incident response procedures, conduct postmortems, and implement long-term prevention measures. • Create and maintain high-quality documentation for security processes, infrastructure risks, and compliance status. • Stay current on threat landscapes, tools, and best practices relevant to ecommerce, health data, and hybrid infrastructures.

Job Requirements

5+ years of experience in security engineering, DevSecOps, or infrastructure security roles.
Deep technical understanding of cloud security (AWS, OCI) and on-prem environments.
Experience with container security, CI/CD hardening, key/secret management, and secure software development practices.
Hands-on experience with security audits and penetration testing, whether conducted in-house or via third parties.
Proven ability to create and execute security certification roadmaps (SOC 2, HIPAA, ISO 27001, etc.).
Strong documentation practices; able to write clear runbooks, security policies, and architecture diagrams.
Comfortable working in highly customized, complex environments.
Strong understanding of Linux, networking, authentication, and monitoring.
Ability to operate autonomously while collaborating across multiple disciplines and technical stacks.
Experience using AI or ML tools to enhance security initiatives, such as accelerating threat detection, automating security monitoring, improving anomaly detection, or integrating AI-driven platforms into incident response workflows.
Nice to Have
Experience with security in regulated environments such as healthcare, biotech, or genomics (e.g., HIPAA, GINA, 21 CFR Part 11), ideally within rapidly scaling consumer health or healthtech platforms handling sensitive user data.
Familiarity with securing ecommerce platforms, including fraud prevention and secure checkout workflows.
Hands-on experience with penetration testing tools (e.g., Burp Suite, Metasploit) or managing third-party pen test vendors.
Security certifications such as CISSP, OSCP, or AWS Certified Security – Specialty.