Senior Platform Engineer, Security
Build and secure Doxel's internal developer platform on GCP. Own cloud security posture, embed security into CI/CD pipelines, and drive adoption of secure golden paths across engineering teams.
Senior Application Security Engineer
Senior Application Security Engineer embeds security into the SDLC, manages AppSec tools in CI/CD pipelines, and partners with developers to identify and remediate risks early. Requires 6+ years experience, strong AWS/Kubernetes security, and programming in Python/Go/JavaScript.
United StatesSecurity EngineeringRemote6+ YOE
About the role
Responsibilities
- Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams.
- Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions).
- Partner with developers on new features and systems to identify risks early in the lifecycle.
- Implement best practices for secrets handling, API authentication/authorization, and data protection.
- Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster.
- Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution.
- Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements.
- Implement monitoring, alerting, and remediation for security incidents across our platform.
- Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
- Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
- Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others.
Qualifications
- 6+ years in security engineering, DevSecOps, or related roles, including experience at scale.
- Excellent communication and teamwork abilities.
- Strong experience integrating security into modern SDLC pipelines.
- Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.).
- Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation).
- Familiarity with AWS/Kubernetes security.
- Strong programming skills (Python, Go, JavaScript) to build tools, write secure code, and contribute to developer libraries.
- Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity.
- Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF).
- Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies).
- Hands-on with Terraform, Helm, and GitOps practices.
- Familiarity with security tooling (Trivy, Falco, Snyk, Aqua).
- Knowledge of networking, encryption, and cloud-native security best practices.
Skills
SASTDASTScaSnykOwasp ZapBurp SuiteSonarqubeCheckmarxKubernetesAWSIAMTerraformHelmPythonGo
Similar roles
Security Engineering jobsSenior Product Security Engineer
Hands-on security engineer building product security guardrails, tooling, and SDLC integrations for a multi-product HR/IT/Finance platform. Requires 5+ years in product security, fluency in Python/React/DRF, and experience leading cross-team vulnerability remediation.
Senior Software Security Engineer
Senior security engineer building and maintaining identity, secrets, and cloud security systems for AI infrastructure. Requires 5+ years experience, strong Python/Go/Rust skills, and cloud security expertise.
Software Engineer - Security Platform
Build and operate secure distributed systems for secrets/key management, PKI, and machine identity across Cloudflare's global network. Requires 8+ years experience in software development, distributed systems, and security implementation.