Veza Technologies, Inc.

Sr. Security Engineer

Veza Technologies, Inc., California, Missouri, United States, 65018

As a Sr. Security Engineer, you will play a key role in advancing our secure-by-design and privacy-by-design practices. You will collaborate closely with Engineering, DevOps, and SRE teams to embed security throughout the development lifecycle, manage security tooling, identify and mitigate risks, and ensure compliance with industry standards. This is a hands‑on technical role requiring both depth in security engineering and strong collaboration across teams.

Key Responsibilities

Define and monitor standards for the operation, administration, and continuous improvement of AppSec and CloudSec tools, including WAFs, SAST, DAST, SCA, IaC/container scanners, and CNAPP platforms.

Perform threat modeling, architecture reviews, and source code assessments to identify and mitigate risks.

Drive secure-by-design patterns across services, APIs, and infrastructure — including encryption, key management, secrets handling, and secure protocol design.

Partner with product and engineering teams to review plans, designs, and code for security considerations.

Guide cloud hardening across AWS (and optionally Azure/GCP) environments using IaC templates, guardrails, and CSPM/CNAPP controls.

Maintain and update dependencies, container images, and libraries to reduce exposure.

DevSecOps Enablement

Integrate and automate security tooling (SAST, DAST, SCA, IaC scanning, SBOM generation) within CI/CD pipelines.

Develop scripts and automations (e.g., Python, Bash, Terraform, REST APIs, GitHub Actions, or GitLab CI) to streamline scanning, reporting, and provisioning.

Establish security metrics, KPIs, and dashboards to measure program maturity and remediation progress.

Support the design and implementation of secure pipelines and infrastructure automation in collaboration with DevOps teams.

Vulnerability & Incident Management

Triage vulnerabilities across multiple sources (SAST/DAST/SCA/IaC/API/CSPM), manage false positives, and ensure clear audit trails for exceptions.

Serve as first‑line triage for Responsible Disclosure submissions — reproduce issues, assign owners, and track SLAs to closure.

Support compliance and audit activities with documentation of logging, monitoring, SBOMs, and vulnerability reporting.

Continuously monitor emerging threats, maintain a security issue register, and report status to leadership.

Security Architecture & Program Maturity

Collaborate across teams to establish and maintain a roadmap for the Application and Cloud Security programs, continuously evolving capabilities and controls.

Influence engineers and architects to adopt consistent security patterns, frameworks, and templates.

Develop and maintain documentation, threat models, and diagrams (data flow, network) for technical and business stakeholders.

Evaluate new security tools and technologies for alignment with organizational needs.

Qualifications

Minimum

3+ years of experience in Security Engineering, Cloud, or App Security roles.

Proficiency with modern SDLC and DevSecOps practices in cloud-native environments (microservices, containers/Kubernetes, serverless, IaC).

Hands‑on experience operating and tuning AppSec tools (SAST, DAST, SCA, IaC/container scanning, CNAPP, WAF).

Strong understanding of cloud architecture, networking, and security (Strong AWS experience required).

Experience with IaC (Terraform, CloudFormation) and CI/CD tools (GitHub, GitLab, CircleCI).

Familiarity with frameworks and standards such as OWASP Top 10, ASVS, NIST SSDF, CIS Benchmarks, ISO 27001, SOC 2.

Excellent communication and collaboration skills with the ability to simplify technical risk for diverse audiences.

Preferred

WAF engineering experience (policy tuning, bot mitigation, blue/green rollout).

Familiarity with software supply chain security (SBOMs, signing, provenance).

Experience securing APIs and containerized workloads.

Certifications such as CISSP, CSSLP, GWAPT, GCSA, or Cloud Security certifications (AWS/GCP/Azure).

Bachelor’s degree in Computer Science, Engineering, or related field.

The compensation for this role depends on several factors such as the candidate's skills, qualifications, experience, and work location. For candidates offered a position at the posted job level, the provided range is the expected base salary. This does not include any additional variable compensation, such as commission.

Compensation Disclosure

$154,000 - $210,000 USD

Our Culture

Ownership Mindset

Act with Integrity

Guardians of our Customers

Opinionated Humility

Build Trust, Earn Trust

Veza is proud to be an equal opportunity employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics. We also consider qualified applicants according to applicable federal, state, and local laws. If a candidate with a disability requires an accommodation during the recruitment process, please email recruiting@veza.com.
