Stack Overflow is one of the most popular websites in the world, focused on increasing productivity and protecting institutional knowledge. They are seeking a Senior Information Security Engineer to lead security initiatives, mentor team members, and contribute to the development of a robust security culture within the organization.
Responsibilities:
- Lead and contribute to security requirements in designing, developing, and deploying large-scale services and platforms
- Conducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies
- Design and develop platform-level solutions to promote security-related initiatives and improvements
- Review source code for potential security issues, recommend and implement fixes
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Belief in automation and tooling as a critical part of the software lifecycle
- Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines
- Contribute to SOC2 and ISO 27001/27701 audits as needed
- Work with developers to provide security guidance
- Actively promote improving the security culture and education within the organization
- Eager to learn new technologies and solutions
- Be curious about how systems work and how they fail, and design them to be sustainable in the face of failures
Requirements:
- Strong verbal and written communication and documentation skills. 'Document as you go'
- Strong desire to secure systems, define and improve processes
- Familiarity with: Containers, Cloud, Servers, Networking, DNS, and PaaS & SaaS
- Deep technical understanding of the OWASP Top 10
- Experience with Splunk or similar SIEM
- Experience with Nexpose or similar vulnerability scanning tools
- Experience integrating security tools to work as an ecosystem
- Solid experience in threat modeling and identification techniques
- Ability to work with developers to resolve security issues
- Experience in code reviews, vulnerability detection, and root cause analysis
- 25+ years of experience in web application security, secure application design and architecture, threat modeling, secure coding, and cryptography
- Strong sense of ownership, urgency, and drive
- Self-motivated and proactive, discovering and resolving issues before they become problems