Kopius | CareersRemote
Sr Security Engineer
United States of America
Full Time
2 weeks ago
H1B Sponsor Likely
Key skills
JavaScriptGoNode.jsAWSGCPSaaSCommunicationCollaborationOWASPCloud Security
About this role
Kopius is seeking a hands-on Security Engineer to join our team supporting a high-impact SaaS platform that handles sensitive data across large-scale environments. This role focuses on application security and cloud infrastructure security, working closely with engineering teams to identify and remediate security risks.
Responsibilities:
- Triage and prioritize large volumes of vulnerabilities from SAST/DAST tools
- Build and apply a risk-based prioritization model to identify critical issues
- Partner with engineering teams to ensure remediation work is delivered
- Own the lifecycle of security findings—from discovery through validation of fixes
- Define and enforce remediation SLAs based on severity
- Identify gaps in current security tooling and recommend improvements
- Design and implement a proactive threat hunting program
- Conduct hypothesis-driven investigations based on threat modeling insights
- Develop detection mechanisms and improve signal-to-noise ratio
- Collaborate with engineering teams on incident response and mitigation strategies
Requirements:
- Upper-intermediate to advanced English (B2–C1), with strong written and verbal communication skills
- Self-motivated, quick learner, and adaptable to new technologies and legacy systems
- Thrives in a team environment, actively contributes to collaboration, and fosters a sense of community
- Excellent problem-solving and analytical skills, with a keen eye for detail and a proactive approach to issue resolution
- Senior experience in Security Engineering, covering both application and infrastructure security
- Hands-on experience with SAST and DAST tools, including tuning and managing false positives
- Strong understanding of OWASP Top 10 vulnerabilities and modern API security risks
- Working knowledge of Node.js, JavaScript, and/or Go (ability to read and understand code)
- Experience triaging large volumes of vulnerabilities and identifying true risk exposure
- Proven ability to collaborate with engineering teams and drive remediation efforts
- Strong judgment in risk prioritization and technical decision-making
- Experience building or running a threat hunting program
- Background in regulated environments (healthcare, fintech, or similar)
- Experience evaluating or implementing vulnerability scanning tools
- Cloud security expertise (AWS and/or GCP)
- Detection engineering experience (SIEMs, rule creation, playbooks)