Command Alkon
Title:
Senior Security Engineer
Summary of Role
The Senior Security Engineer plays a critical role in securing the company's SaaS platform, web applications, and underlying infrastructure. This position is responsible for designing and implementing security controls, automating protection mechanisms, and embedding security throughout the software development lifecycle (SDLC). You will partner closely with Product, Engineering, and DevOps teams to identify vulnerabilities, manage risks, and ensure compliance with security best practices. The ideal candidate brings deep expertise in web application and API security, thrives in a cloud-native environment, and is passionate about building scalable, secure systems without slowing down innovation.
How You'll Succeed
Application & Web Security
-Design and implement security measures for web applications, APIs, and microservices across the SaaS platform.
-Perform regular application security assessments, including code reviews, static/dynamic analysis (SAST/DAST), and manual penetration testing.
-Collaborate with development teams to remediate vulnerabilities and establish secure coding practices.
-Integrate security testing into CI/CD pipelines using tools such as GitHub Advanced Security, Snyk, or Veracode.
-Implement and maintain API security controls, including authentication, authorization, and rate-limiting.
-Lead efforts to prevent and mitigate OWASP Top 10 and related web vulnerabilities, such as injection, XSS, broken access control, and CSRF.
-Develop threat models and perform security design reviews for new web features and releases.
-Champion "security by design" principles within product development and architecture reviews.
Security Architecture & Infrastructure Protection
-Design and maintain secure cloud architectures across AWS, Azure, or GCP.
-Partner with DevOps and Infrastructure teams to ensure secure configurations, least privilege access, and compliance with CIS benchmarks.
-Automate security controls and compliance checks using Infrastructure as Code (IaC) and Policy as Code.
-Manage identity and access management (IAM), encryption, and secret management systems.
Threat Detection & Incident Response
-Monitor, detect, and respond to application and infrastructure security incidents using SIEM and SOAR platforms.
-Conduct root cause analysis and deliver detailed incident reports with actionable improvements.
-Continuously refine detection rules and playbooks to address emerging web and application threats.
Vulnerability & Risk Management
-Lead vulnerability scanning and remediation efforts for applications, APIs, and cloud environments.
-Coordinate third-party penetration tests and security audits; track and validate remediation progress.
-Work cross-functionally to prioritize risks based on impact, exploitability, and exposure.
Collaboration, Leadership & Enablement
-Partner with development teams to embed security controls throughout the SDLC ("shift-left" approach).
-Provide secure development training and mentorship to engineering teams.
-Advocate for security awareness across products, infrastructure, and operations functions.
-Communicate technical risks, trends, and countermeasures clearly to both technical and executive audiences.
-Reduction in web application vulnerabilities and faster remediation cycles.
-Secure coding standards and automated testing integrated into all development pipelines.
-Comprehensive visibility into SaaS application security posture.
-Strong collaboration between Security, Product, and Engineering teams.
-Measurable improvements in customer data protection and compliance readiness.
What You Bring
-Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
-Professional certifications such as OSWE, OSCP, GWAPT, CSSLP, or AWS Certified Security Specialty.
-Experience building or securing containerized and serverless web applications.
-Familiarity with identity-centric security models (OAuth2, SAML, OIDC) and Zero Trust principles.
-5+ years of experience in application or cloud security, preferably in a SaaS or multi-tenant environment.
-Proven experience securing modern web applications and APIs (REST, GraphQL).
-Hands-on experience with web app security tools and technologies:
AppSec tools: Burp Suite, OWASP ZAP, Veracode, Snyk, or GitHub Advanced Security.
CI/CD integration: Jenkins, GitLab, Azure DevOps, or GitHub Actions.
Cloud security: AWS Security Hub, GuardDuty, Azure Defender, Prisma Cloud, or Lacework.
-Deep understanding of OWASP Top 10, API Security Top 10, and secure software design principles.
-Proficiency in scripting and automation (Python, PowerShell, Bash) for scanning, analysis, and reporting.
-Familiarity with web frameworks (React, Angular, Node.js, .NET, Java, etc.) and how to secure them.
-Knowledge of compliance and regulatory frameworks (SOC 2, ISO 27001, NIST, GDPR).
-Strong collaboration and communication skills, with the ability to influence engineers and stakeholders.
-Passionate about making security an enabler, not a blocker, in web and SaaS development.
-Automation-driven, seeking to integrate and automate security tooling across the SDLC.
-Analytical problem solver, thriving in debugging complex web vulnerabilities and understanding exploit patterns.
-Collaborative partner, working seamlessly with developers and DevOps to embed secure coding practices.
-Proactive defender, anticipating threats, implementing preventive controls, and thinking like an attacker to stay ahead.
Who You Are
Tech Savvy - You anticipate and adopt innovations in business-building digital and technology applications.
Manages Complexity - You make sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
Ensures Accountability - You hold yourself and others accountable to meet commitments.
Courage - You step up to address difficult issues and say what needs to be said.
Decision Quality - You make good and timely decisions that keep the organization moving forward.
All Company Core Competencies
Customer Focus: You build strong customer relationships and deliver customer-centric solutions.
Cultivates Innovation: You create new and better ways for the organization to be successful.
Collaborates: You build partnerships and work collaboratively with others to meet shared objectives.
Instills Trust: You gain the confidence and trust of others through honesty, integrity, and authenticity.
Self-Development: You actively seek new ways to grow and be challenged using both formal and informal development channels.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.