Security Engineer II @ fabric | Jobright.ai
200+ applicants

fabric · 5 hours ago

Security Engineer II

B2B, B2C
H1B Sponsor Likely

Responsibilities

Ability to work independently and as part of a team.
Experience in threat modeling methodologies (e.g. STRIDE, DREAD) and tools to develop and maintain threat models that reflect the organization's security posture.
Experience working with developers to communicate deficiencies and implement security measures.
Design, deploy, and maintain centralized security tools, technologies, and controls to monitor and protect our infrastructure and applications.
Help build and maintain runbooks and document policies and procedures.
Develop and maintain security metrics to track progress toward security goals.
Maintain essential skills in modern technology. Use automation wherever possible.
Conduct security reviews for new and existing software systems, integrations, and operational processes, which includes security testing and vulnerability scanning.
Review and enhance access controls, authentication mechanisms, and data encryption methods.
Collaborate with IT, development, and operations teams to integrate security best practices into our systems and software development lifecycle.
Build and manage services, tools, and integrations that will automate security controls within CI/CD pipelines.
Assess, identify, and monitor security risks, vulnerabilities, and threats, and develop effective mitigation strategies with engineering stakeholders to ensure timely remediations.
Educate and train employees on security awareness and best practices.
Assist systems integration with fabric customers to ensure security best practices.
Provide guidance and mentorship to junior team members.
Participate in security detection, incident response, and post-response activities.
Stay up-to-date with industry trends, emerging threats, and security standards to adapt and improve our security posture.
Support and drive compliance programs with relevant regulations and industry standards (e.g., PCI DSS, SOC2, NIST).

Qualifications

Application Security, Threat Modeling, AWS, Python, JavaScript, OWASP Standards, NIST Standards, DevSecOps, CI/CD Processes, SIEM Tools, Splunk, Datadog, Security Metrics, Security Automation, Docker, Kubernetes, Security Awareness Training, Cloud Security

Required

5+ years of prior experience in security engineering/applications security.
2+ years of experience with AWS.
Experience with scripting languages such as Python or JavaScript.
Experience working with OWASP and NIST security standards and frameworks.
Experience within DevSecOps, CI/CD processes, SDLC, and related tools such as Jira, Jenkins, Artifactory, Bitbucket, GitHub, GitLab, etc.
Ability to establish and report metrics and KPIs to the executive leadership team to measure the effectiveness of Security Engineering.

Preferred

Previous experience as a DevOps/DevSecOps Engineer supporting applications and platforms running in private or public cloud (such as Rancher, Anthos, AWS, GCP, VMware).
Experience with SIEM tools. Prefer experience with tools such as Splunk or Datadog.
Proven experience in information security, with a focus on ecommerce or web applications.
Strong knowledge of security architectures, cloud deployment paradigms, and common security principles.
Excellent written and verbal communication skills.
Hands-on knowledge of AWS security tools, e.g., AWS WAF, AWS CloudTrail, AWS GuardDuty, AWS Security Hub. Prefer AWS Security Specialty certification.
Experience securing the software supply chain including implementing appropriate controls across the SDLC and managing change along the way.
Experience with code review, SAST, DAST, SCA, container security, IaC scanning.
Experience with containers, enterprise container orchestration, and related tools such as Docker, Rancher, Kubernetes, and public cloud container services.
Experience working across teams to drive the adoption of security best practices.
Understanding of security automation within DevOps and CI/CD processes including vulnerability identification and management.
Experience integrating security solutions into CI/CD workflows and toolsets.

Benefits

Competitive compensation packages
PTO and Holiday plans
Benefits packages which include Medical, Dental, Life, and Vision
Wellness & Technology Programs
401k Program
Fast-paced, fun and collaborative environment
A team invested in you both personally and professionally

Company

fabric offers a headless eCommerce platform that enables companies to grow their online presence via its API-driven modular system.

H1B Sponsorship

fabric has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of total sponsorships: 2023 (4), 2022 (6), 2021 (10)

Funding

Current Stage: Growth Stage
Total Funding: $293.5M
Key Investors: SoftBank Vision Fund, Stripes, Norwest Venture Partners
2022-02-24: Series C, $140M
2021-07-20: Series B, $100M
2021-02-09: Series A, $43M

Leadership Team

Umer Sadiq, CTO
Morgan Dollard, Senior Vice President Product Management & Delivery
Company data provided by crunchbase