Security Engineer

Get Well

full-time

Posted on: 9/18/2025

Origin: • 🇺🇸 United States

Visit company website

✨ AI Apply

Apply

Salary

💰 $110,000 - $130,000 per year

Job Level

Mid-LevelSenior

Tech Stack

AnsibleAWSCloudDNSDockerFirewallsLinuxPythonTerraform

About the role

Baseline Linux hardening and patch automation rolled out with ≥95% fleet compliance
CI/CD pipelines enforce SAST/SCA/IaC policy gates with <2% secrets leaks
Implement Fargate/ECS/ECR admission policies; enforce image signing for production
Add actionable detections to SIEM; reduce MTTD/MTTR quarter-over-quarter
Leverage AI to analyze complex datasets, identify patterns, and categorize insights
Develop and deploy custom utilities and automation tools to accelerate data-driven decision-making
Fine tune alerts, including utilizing automation and AI
Linux security across servers, containers, and endpoints: hardening (CIS/NIST baselines), patching, kernel/module controls, eBPF/AppArmor/SELinux, SSH and PAM policies, and key management
Build security into CI/CD: design guardrails and automate checks (SAST/DAST/SCA, secrets scanning, IaC policy-as-code) in tools like GitLab
Cloud & container security: implement least-privilege IAM; secure VPC/VNet design; KMS usage; Secrets manager hardening; image signing, admission controllers, runtime controls, and registry policies
IaC & platform: create secure-by-default Terraform/Terragrunt modules; codify baseline controls; maintain reusable templates and golden AMIs/images
Threat modeling & reviews: conduct design reviews, STRIDE-style threat models, and pre-prod security sign-offs for new services
Vuln management: run scans (hosts/containers/dependencies), triage findings, drive remediation SLAs, and report risk posture
Detection & response: tune EDR/agent configs, ship logs, build detections in SIEM, participate in on-call/IR, and run post-incident learnings
Secrets & identity: manage/monitor KMS, rotate credentials, and implement workload identity/federation for humans and services
Compliance enablement: map controls to SOC 2/HITRUST/FedRAMP Moderate/NIST; produce evidence via automation; partner with GRC for audits
Advocacy & enablement: create docs/runbooks, lead brown-bags, and coach teams on secure coding and platform usage

Requirements

4-7+ years in security engineering, platform security, or SRE with a security focus
Expert-level Linux administration and hardening (kernel, access controls, networking, filesystems, systemd)
Understanding of and exposure to current AI/LLM models and use cases
Strong DevOps/DevSecOps background: CI/CD design, artifact management, environment promotion, and policy-as-code
Proficiency in Python and/or Bash and in automating security tasks at scale
Hands-on with cloud IAM, networking, and encryption fundamentals (VPCs, security groups, TLS/mTLS, KMS, PKI)
Experience operating containers securely (RBAC, PSP replacement, network policies, secrets, admission controls)
Demonstrated work with vulnerability management, dependency scanning, and remediation workflows
Familiarity with SIEM/EDR, log pipelines, and incident response practices
Solid understanding of network security (routing, firewalls, DNS, TLS, SSH, VPNs, proxies)
Excellent collaboration and communication with developers, SRE, and GRC
Adhere to all organizational information security policies and protect all sensitive information including but not limited to ePHI and PHI
Even Better: Experience with supply-chain security (Sigstore, SBOMs, provenance/attestations)
Exposure to secret zeroization and key lifecycle management
Prior work mapping/implementing SOC 2, HITRUST, FedRAMP Moderate, ISO 27001, NIST 800-53/1900 controls
Certifications (nice but not required): OSCP/OSWP, CISSP, GSEC, GCIA, GCSA, CKA/CKS

Security Engineer

Salary

Job Level

Tech Stack

About the role

Requirements

Similar jobs on JobTailor

Senior Software Development Engineer in Test, DevOps

DevOps Engineer [Senior] [Remote - EMEA]

Analista Sênior de Segurança da Informação

Analista Sênior de Segurança

Azure Cloud Platform Engineer