Distro

Senior Security Engineer

Distro

full-time

Posted on:

Location Type: Remote

Location: Remote • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $115,000 - $145,000 per year

Job Level

Senior

Tech Stack

AWSCloudLinux

About the role

  • Lead the planning and execution of offensive security testing across web applications, APIs, infrastructure, and networks.
  • Conduct manual and automated penetration testing and vulnerability assessments; document findings and guide remediation.
  • Work with DevOps, architects, and engineering leads to embed security throughout CI/CD, infrastructure, and data workflows.
  • Plan and run regular security audits and threat modeling sessions; coordinate with third-party firms when needed.
  • Proactively identify and resolve security gaps in complex, custom systems spanning cloud and on-prem environments.
  • Design, implement, and maintain security controls, tooling, and detection capabilities that scale with the business.
  • Develop roadmaps for security certifications (e.g., HIPAA, SOC 2, ISO 27001) and lead technical implementation efforts.
  • Manage incident response procedures, conduct postmortems, and implement long-term prevention measures.
  • Create and maintain high-quality documentation for security processes, infrastructure risks, and compliance status.
  • Stay current on threat landscapes, tools, and best practices relevant to ecommerce, health data, and hybrid infrastructures.

Requirements

  • 5+ years of experience in security engineering, DevSecOps, or infrastructure security roles.
  • Deep technical understanding of cloud security (AWS, OCI) and on-prem environments.
  • Experience with container security, CI/CD hardening, key/secret management, and secure software development practices.
  • Hands-on experience with security audits and penetration testing, whether conducted in-house or via third parties.
  • Proven ability to create and execute security certification roadmaps (SOC 2, HIPAA, ISO 27001, etc.).
  • Strong documentation practices; able to write clear runbooks, security policies, and architecture diagrams.
  • Comfortable working in highly customized, complex environments.
  • Strong understanding of Linux, networking, authentication, and monitoring.
  • Ability to operate autonomously while collaborating across multiple disciplines and technical stacks.
  • Experience using AI or ML tools to enhance security initiatives, such as accelerating threat detection, automating security monitoring, improving anomaly detection, or integrating AI-driven platforms into incident response workflows.
  • Nice to Have
  • Experience with security in regulated environments such as healthcare, biotech, or genomics (e.g., HIPAA, GINA, 21 CFR Part 11), ideally within rapidly scaling consumer health or healthtech platforms handling sensitive user data.
  • Familiarity with securing ecommerce platforms, including fraud prevention and secure checkout workflows.
  • Hands-on experience with penetration testing tools (e.g., Burp Suite, Metasploit) or managing third-party pen test vendors.
  • Security certifications such as CISSP, OSCP, or AWS Certified Security – Specialty.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
penetration testingvulnerability assessmentscloud securitycontainer securityCI/CD hardeningkey managementsecure software developmentincident responsesecurity auditsthreat modeling
Soft skills
strong documentation practicesability to operate autonomouslycollaboration across disciplinesproblem-solvingcommunication skills
Certifications
CISSPOSCPAWS Certified Security – SpecialtyHIPAASOC 2ISO 27001