| Hiring Now : : Security Engineer : : CA (Hybrid) at San Francisco, California, USA |
| Email: [email protected] |
| From: Surya kanta pradhan, Vyze inc. [email protected] Reply to: [email protected] Job Description - Job Title: Security Engineer Location: San Francisco, CA 94103 HYBRID Reporting to office 2x per week ( San Francisco Bay local candidates only. No relocation) Visa: No H1B/ CPT Must Haves: Option 1 Must be a Security Engineer with knowledge of OWASP Option 2 Must be either a Software Engineer OR DevOps Engineer with a background in Security. Must also be comfortable with either Python, Java, or TypeScript Amplitude is a leading digital analytics platform. More than 1,900 customers, including Atlassian, Jersey Mikes, Marks & Spencer, NBCUniversal, PayPal, Shopify, and Under Armour rely on Amplitude to gain self-service visibility into the entire customer journey. With Amplitude, teams can understand what product features are working, where users are getting stuck, and what actions lead to the right outcomes. As an organization, we approach challenges with humility, take ownership of our contributions, and embrace a growth mindset that pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners. Qualifications: 4+ years of security engineering experience OR equivalent experience in a SWE/DevOps role and an interest in working on security engineering initiatives Familiarity with security detection techniques (SAST, DAST, IAST, SCA), threat modeling frameworks (OWASP, MITRE, STRIDE, DREAD), and how they are used together to improve product security through design reviews A solid understanding of modern software development principles and design patterns, including the ability to write clean, efficient, and maintainable code (in Java, Typescript, Python, etc.) Familiarity with Agile, DevOps, CI/CD, and cloud-based infrastructure like AWS Curiosity and a willingness to learn Responsibilities: As a Security Engineer, you will help identify and drive impactful projects to improve the security of their platform, products, and internal systems You will partner closely with teams across the company and focus on systemic security improvements and risk reduction You will also maximize your security skills to support and participate in operational security responsibilities like security reviews and consulting, threat research/bug-bounty triage, incident response, and risk management Perform technical security assessments, code audits, and design reviews Clearly communicate the risk of security issues to developers, including proof-of-concept code as necessary to demonstrate the potential severity Partner with Engineering to establish comprehensive visibility into potential risk events across a cloud-native environment Create and refine telemetry, detection capabilities, and response playbooks required to detect, prevent, and respond to cyber risk events efficiently Manage risks by implementing robust security capabilities for repeatable predictable outcomes and maturation, and by coordinating incident response workflows Influence Engineering and Product teams to prioritize and implement all stages of the Vulnerability Management life-cycle - detection, analysis, remediation and disclosure Participate in team on-call rotation to support our penetration-testing, bug-bounty, and vulnerability-management programs Keywords: continuous integration continuous deployment California |
| [email protected] View all |
| Thu Oct 26 21:33:00 UTC 2023 |