Security Engineer

Overview

As a Security Engineer, you will play a key role in advancing our secure-by-design and privacy-by-design practices. You will collaborate closely with Engineering, DevOps, and SRE teams to embed security throughout the development lifecycle, manage security tooling, identify and mitigate risks, and ensure compliance with industry standards. This is a hands-on technical role requiring both depth in security engineering and strong collaboration across teams.

Key Responsibilities

Application & Cloud Security

• Define and monitor standards for the operation, administration, and continuous improvement of AppSec and CloudSec tools, including WAFs, SAST, DAST, SCA, IaC/container scanners, and CNAPP platforms.
• Perform threat modeling, architecture reviews, and source code assessments to identify and mitigate risks.
• Drive secure-by-design patterns across services, APIs, and infrastructure — including encryption, key management, secrets handling, and secure protocol design.
• Partner with product and engineering teams to review plans, designs, and code for security considerations.
• Guide cloud hardening across AWS (and optionally Azure/GCP) environments using IaC templates, guardrails, and CSPM/CNAPP controls.
• Maintain and update dependencies, container images, and libraries to reduce exposure.

DevSecOps Enablement

• Integrate and automate security tooling (SAST, DAST, SCA, IaC scanning, SBOM generation) within CI/CD pipelines.
• Develop scripts and automations (e.g., Python, Bash, Terraform, REST APIs, GitHub Actions, or GitLab CI) to streamline scanning, reporting, and provisioning.
• Establish security metrics, KPIs, and dashboards to measure program maturity and remediation progress.
• Support the design and implementation of secure pipelines and infrastructure automation in collaboration with DevOps teams.

Vulnerability & Incident Management

• Triage vulnerabilities across multiple sources (SAST/DAST/SCA/IaC/API/CSPM), manage false positives, and ensure clear audit trails for exceptions.
• Serve as first-line triage for Responsible Disclosure submissions — reproduce issues, assign owners, and track SLAs to closure.
• Support compliance and audit activities with documentation of logging, monitoring, SBOMs, and vulnerability reporting.
• Continuously monitor emerging threats, maintain a security issue register, and report status to leadership.

Security Architecture & Program Maturity

• Collaborate across teams to establish and maintain a roadmap for the Application and Cloud Security programs, continuously evolving capabilities and controls.
• Influence engineers and architects to adopt consistent security patterns, frameworks, and templates.
• Develop and maintain documentation, threat models, and diagrams (data flow, network) for technical and business stakeholders.
• Evaluate new security tools and technologies for alignment with organizational needs.

Qualifications

Minimum

• 3+ years of experience in Security Engineering, Cloud, or App Security roles.
• Proficiency with modern SDLC and DevSecOps practices in cloud-native environments (microservices, containers/Kubernetes, serverless, IaC).
• Hands-on experience operating and tuning AppSec tools (SAST, DAST, SCA, IaC/container scanning, CNAPP, WAF).
• Strong understanding of cloud architecture, networking, and security (Strong AWS experience require).
• Experience with IaC (Terraform, CloudFormation) and CI/CD tools (GitHub, GitLab, CircleCI).
• Familiarity with frameworks and standards such as OWASP Top 10, ASVS, NIST SSDF, CIS Benchmarks, ISO 27001, SOC 2.
• Scripting/automation skills (Python preferred).
• Excellent communication and collaboration skills with the ability to simplify technical risk for diverse audiences.

Preferred

• WAF engineering experience (policy tuning, bot mitigation, blue/green rollout).
• Familiarity with software supply chain security (SBOMs, signing, provenance).
• Experience securing APIs and containerized workloads.
• Certifications such as CISSP, CSSLP, GWAPT, GCSA, or Cloud Security certifications (AWS/GCP/Azure).
• Bachelor’s degree in Computer Science, Engineering, or related field.

Our Culture 

We’re driven to build a strong company culture and are looking for individuals with solid alignment with the following:

• Ownership Mindset
• Act with Integrity
• Guardians of our Customers
• Opinionated Humility
• Build Trust, Earn Trust

At Veza, your base pay is one part of your total compensation package. For this position, the reasonably expected pay range can be discussed with your recruiter for the level at which this job has been scoped. Your base pay will depend on several factors, including your experience, qualifications, education, location, and skills. In the event that you are considered for a different level, a higher or lower pay range would apply. This position is also eligible for equity and a competitive benefits package.

Veza is proud to be an equal opportunity employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics. We also consider qualified applicants according to applicable federal, state, and local laws. If a candidate with a disability requires an accommodation during the recruitment process, please email recruiting@veza.com