Senior Security Engineer (Application & Cloud Security)

8 - 10 years

10 - 12 Lacs

Posted: -1 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

What's exciting waiting for you?

  • This is an amazing opportunity for you to join a fantastic crew before the rocket ship launches.
  • It will be a story you carry with you through your life: the unique experience of building something from the ground up, and the satisfaction of seeing your product used and paid for by thousands of customers.
  • You will be a part of a growth story in securing critical payment infrastructure that spans both application security and cloud security across 70+ markets.

About the Senior Security Engineer Role

  • As a Senior Security Engineer, you will play a pivotal role in securing our entire technology stack - from application-level security to cloud infrastructure protection.
  • You will lead comprehensive security initiatives across our AWS cloud environments and payment applications built with Node.js and GoLang microservices, while leveraging AWS security services and modern security tools to protect against evolving threats. This role combines deep technical expertise in both application security and cloud security with leadership responsibilities.

Key Responsibilities

Application Security Leadership

  • Lead comprehensive security assessments of microservices-based applications built with GoLang, Java, or Scala
  • Conduct advanced security reviews of Vue.js and ReactJS frontend applications and their integration with backend services
  • Execute expert-level manual and automated web application penetration testing using industry-standard methodologies (OWASP Testing Guide, PTES)
  • Design and implement vulnerability scoring and risk assessment frameworks using CVSS, OWASP Risk Rating, and custom business impact metrics
  • Utilize govulncheck for Go-specific vulnerability detection and dependency analysis across microservices
  • Deploy Semgrep/OpenGrep for advanced static code analysis and custom security policy enforcement
  • Integrate Gitleaks for comprehensive secret detection across development workflows
  • Lead secure development lifecycle (SDLC) integration and establish security standards for development teams
  • Perform complex web application penetration testing including authentication bypass, authorization flaws, injection attacks, and business logic vulnerabilities

AWS Cloud Security Architecture

  • Design and implement enterprise-level security architecture for AWS cloud environments
  • Configure and optimize AWS Shield (Standard and Advanced) for comprehensive DDoS protection
  • Implement and manage AWS CloudFront security configurations including advanced WAF rules, SSL/TLS, and origin protection
  • Secure complex AWS services including EC2, ECS, EKS, Lambda, RDS, S3, API Gateway, and multi-region deployments
  • Design network security controls using VPC, Security Groups, NACLs, AWS Transit Gateway, and PrivateLink
  • Establish and lead secure CI/CD pipeline implementations for Node.js applications and GoLang microservices
  • Architect container security solutions for Docker and Kubernetes (EKS) environments

Security Automation & Monitoring

  • Implement comprehensive security monitoring using AWS CloudTrail, GuardDuty, and Security Hub
  • Deploy and manage Prowler for continuous AWS security assessments and compliance validation
  • Utilize ScoutSuite for multi-cloud security posture management and configuration auditing
  • Configure Gitleaks for continuous secret monitoring across enterprise development workflows
  • Implement Semgrep/OpenGrep rules for real-time security vulnerability detection and policy enforcement
  • Lead automation initiatives using Infrastructure as Code (Terraform, CloudFormation, AWS CDK)
  • Develop advanced security automation scripts and frameworks using Python, Bash, and AWS SDKs
  • Create comprehensive security dashboards and executive reporting mechanisms

Vulnerability Management & Risk Assessment

  • Lead enterprise vulnerability management programs with comprehensive scoring using CVSS v3.1, OWASP Risk Rating, and custom business impact assessments
  • Develop sophisticated risk scoring matrices incorporating technical severity, business impact, exploitability, and regulatory requirements
  • Create detailed penetration testing reports with executive summaries, technical findings, and strategic remediation roadmaps
  • Establish vulnerability SLA metrics and track remediation timelines based on risk scores and business priorities
  • Conduct root cause analysis (RCA) on complex security incidents and implement preventive measures
  • Lead threat modeling sessions and strategic risk assessments for new features and infrastructure changes
  • Mentor junior security engineers and provide technical guidance on vulnerability remediation

Compliance & Regulatory Security

  • Ensure comprehensive compliance with financial industry regulations (PCI DSS, SOX, GDPR, PSD2)
  • Lead compliance audits and regulatory assessments using Prowler for AWS compliance validation
  • Implement ScoutSuite for comprehensive multi-cloud security auditing
  • Design and maintain data protection controls for sensitive payment processing workloads
  • Develop and maintain disaster recovery and business continuity security plans
  • Lead security aspects of vendor risk assessments and third-party integrations
  • Represent security requirements to business leadership and regulatory bodies

Technical Leadership & Strategy

  • Serve as technical security leader for complex cross-functional projects
  • Influence security strategies, standards, and architectural decisions across the organization
  • Lead security initiatives and mentor junior engineers on advanced security practices
  • Participate in strategic security planning and technology evaluation
  • Drive security culture transformation and champion security best practices
  • Represent security needs to executive leadership and board-level communications

Required Qualifications

Experience

  • 8+ years of experience in information security with demonstrated expertise in both application security and cloud security
  • Extensive experience securing microservices architectures, particularly those built with GoLang, Java, or Scala
  • Advanced experience with AWS cloud security including Shield, CloudFront, and comprehensive security service management
  • Expert-level web application penetration testing experience including complex business logic vulnerabilities and multi-tier architectures
  • Proven leadership in vulnerability scoring and risk assessment using industry-standard frameworks
  • Hands-on expertise with security automation tools: govulncheck, Gitleaks, Semgrep/OpenGrep, Prowler, ScoutSuite
  • Strong experience securing Node.js applications and modern JavaScript frameworks (Vue.js, ReactJS)
  • Experience leading security teams and influencing organizational security strategy

Technical Skills

  • Expert-level proficiency in AWS security services including Shield, CloudFront, GuardDuty, Security Hub, WAF, and comprehensive service portfolio
  • Advanced application security expertise across GoLang, Java, Scala, Node.js, Vue.js, and ReactJS technologies
  • Mastery of security automation tools: govulncheck (Go vulnerability scanning), Gitleaks (secret detection), Semgrep/OpenGrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing)
  • Expert-level web application penetration testing skills using advanced tools and custom exploitation frameworks
  • Comprehensive knowledge of vulnerability scoring frameworks including CVSS v3.1, OWASP Risk Rating, and FAIR methodology
  • Advanced Infrastructure as Code proficiency (Terraform, CloudFormation, AWS CDK)
  • Expert container and orchestration security (Docker, Kubernetes/EKS, service mesh security)
  • Advanced scripting and automation capabilities (Python, Bash, PowerShell, Go)
  • Enterprise network security and cloud networking expertise

Security Expertise

  • Deep understanding of application security principles and advanced penetration testing methodologies
  • Expert knowledge of cloud security frameworks (NIST, CSA, AWS Well-Architected Security Pillar)
  • Advanced understanding of financial services security and payment processing compliance requirements
  • Expertise in security architecture design for complex distributed systems
  • Advanced threat modeling and risk assessment capabilities
  • Comprehensive knowledge of cryptography, PKI, and secure communication protocols
  • Expert-level incident response and forensic analysis skills
  • Advanced understanding of regulatory compliance frameworks and audit requirements

Nice to Have

Certifications

  • AWS Security Specialty certification (required)
  • Advanced penetration testing certifications (OSCP, GWEB, eWPT, eWPTX)
  • Security leadership certifications (CISSP, CISM, CISSP)
  • Cloud architecture certifications (AWS Solutions Architect Professional, DevOps Engineer Professional)
  • Additional cloud security certifications (Azure Security, GCP Security)

Additional Skills

  • Experience with multi-cloud security architectures and hybrid environments
  • Advanced knowledge of serverless security (AWS Lambda, API Gateway, serverless frameworks)
  • Expertise in security orchestration and automated response (SOAR) platforms
  • Experience with machine learning/AI security applications and threat detection
  • Advanced understanding of payment processing security and financial services infrastructure
  • Experience with regulatory examination processes and security audit leadership
  • Knowledge of emerging security technologies and threat landscape evolution
  • Experience with security product evaluation and vendor management
  • Advanced presentation and executive communication skills

Key Abilities and Traits

Technical Excellence:

Leadership:

Strategic Thinking:

Problem-Solving:

Communication:

Continuous Innovation:

Project Management:

Mentorship:
