Senior Security Engineer

Senior Security Engineer

What You'll Do:

As a Senior Security Engineer at EnergySage, you will play a pivotal role in fortifying our application security through both hands-on technical work and strategic initiatives. Your responsibilities will include:

• Hands-On Security Enhancements:
• Implement and refine security measures for our infrastructure, including writing code and developing Infrastructure as Code (IaC) solutions.
• Create and maintain security reference implementations and templates to streamline best practices across the team.
• Monitoring and Incident Management:
• Set up, configure, and manage security alerting systems to ensure proactive threat detection.
• Regularly review and triage security findings, assess their urgency, and take appropriate action to address and escalate critical issues.
• Training and Development:
• Lead and deliver training sessions to elevate the security expertise of our team, covering topics from AppSec basics to advanced concepts.
• Design and conduct tabletop exercises to prepare the team for potential security incidents and disaster recovery scenarios.
• Collaborative Security Leadership:
• Work closely with IT and Platform teams to manage permissions and configurations securely.
• Engage with the SE security team and vendors on security audits, scans, and assessments, fostering strong relationships with key stakeholders.
• Contribute to architecture and security review processes, offering valuable insights to enhance overall security posture.

What We Look For:

To thrive in this role, we are looking for someone who embodies the following qualities and experiences:

• Proven Technical Expertise:
• Demonstrated experience in writing and deploying secure code, including proficiency in Infrastructure as Code (IaC).
• Strong problem-solving skills with the ability to integrate security into legacy systems and ensure high-quality, reviewable pull requests.
• Monitoring and Alerting Skills:
• Experience in configuring and managing monitoring and alerting systems for web applications, with a knack for balancing proactive and reactive tasks.
• Ability to consolidate information from various sources and manage security alerts efficiently, including responding to active threats.
• Effective Trainer and Communicator:
• Track record of delivering impactful training sessions to technical teams, with a clear ability to communicate complex security concepts to both technical and non-technical audiences.
• Skill in adapting training approaches for different audiences and addressing any misunderstandings effectively.
• Strategic Security Reviewer:
• Experience in reviewing and critiquing architecture proposals with a focus on security.
• Proven ability to challenge and improve security proposals while balancing technical authority with approachability.
• Technical Proficiencies:
• In-depth knowledge of web security principles (e.g., cookies, security headers, DNS) and AWS (e.g., networking, IAM roles, Infrastructure as Code).
• Familiarity with CDK, Cognito, and Datadog is advantageous.
• Relevant Experience:
• Hands-on experience in security engineering and incident management, ideally within a fast-paced B2C environment.
• Background in briefing executives and delivering security training sessions to technical teams is preferred.

If you're passionate about security and ready to make a meaningful impact at EnergySage, we'd love to hear from you!

#LI-CR1