
Subsplash · 9 hours ago

Security Engineer II

Subsplash is an exciting, award-winning team of mission-driven people committed to core values of humility, innovation, and excellence. The Security Engineer II will prioritize security concerns, collaborate with various teams to embed security practices across the software development lifecycle, and focus on identifying and remediating security vulnerabilities.
Photography · Software
Growth Opportunities
No H1B
Hiring Manager
Brooke Meyers

Responsibilities

Drive for and enable proactive identification, analysis, and remediation of security vulnerabilities in our software codebases and cloud infrastructure systems
Respond to and manage our pen testing and bug bounty programs
Focus on selecting, integrating, and operating apps and tools that multiply individual efforts by automating preventative strategies, to help drive down manual, reactive tasks
Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the software development lifecycle (SDLC)
Participate in security reviews, threat modeling, and security improvement workshops
Promote awareness of, and adherence to, secure coding best practices and standards
Influence the strategy and implementation of security solutions, advocating for DevSecOps principles and identifying effective and efficient security guardrails
Prioritize secure, scalable, observable code and infrastructure with a bias towards continuous improvement
Design, develop, integrate, and maintain our core security tooling (e.g. SAST/DAST, SCA, etc.), driving adoption and iteration to provide clear value to engineering teams
Maintain great communication with engineers and colleagues to help bridge the gap between compliance requirements and security solution implementation and iteration
Participate in the team’s on-call rotation as needed, acting as the primary security subject matter expert for high-severity or escalated security incidents
Partner with the IT team to provide security consultation and technical expertise with ad hoc projects and requests
Act as the primary technical subject matter expert for the cybersecurity remediation project, working in lockstep with the SRE Manager and SRE team to implement solutions and track progress toward successful, timely completion

Qualification

Security engineering, Cloud-native architecture, Security testing tools, Threat modeling, Agile development, Configuration management, Data security best practices, Security frameworks, Communication, Organizational skills, Continuous learning

Required

At least 3 to 5 years of full-time experience in a security engineering or similar role in a group/team environment
Familiarity with common web application and network security concepts, threats, and vulnerabilities (e.g., OWASP Top 10)
Experience with security best practices across different technology stacks (e.g., server-side, client-side, mobile)
Proven ability to design and implement secure architectures in a cloud-native environment, including experience conducting threat modeling and security design reviews
Embracing the Agile and feature-driven development processes

Preferred

Bachelor of Science in Computer Science, Computer Engineering, Cybersecurity, or equivalent experience
Experience with security features and tools available from cloud providers such as AWS, Azure, and GCP
Experience with security testing tools (e.g., SAST, DAST, penetration testing tools)
Experience with configuration management and infrastructure as code tools (e.g., Terraform, Ansible)
Knowledge of data security best practices related to PCI/DSS, HIPAA, or other compliance standards
Understanding of AI security best practices and prompt injection prevention and identification
Familiar with common security frameworks and standards (e.g., ISO 27001, NIST, SOC 2)
Experience with REST API microservice architecture, securing container runtimes, Kubernetes, and related cloud-native workload security principles and practices
Familiar with good security engineering principles such as least privilege, defense-in-depth, security automation, etc.
Experience identifying and protecting against security risks such as XSS, SQL Injection, SSRF, insecure direct object references, and session hijacking
Experience in developing secure codebases using Git or similar version control systems
Working understanding of OAuth2, OIDC, and other authentication/authorization protocols
Knowledge of Continuous Integration, Continuous Delivery, LEAN, and SOLID principles as they relate to security

Benefits

Generous Paid Time Off (accrual rate of 15 days for the first year and then 20 vacation days per year beginning on your 1-year anniversary)
Medical Coverage
Dental Coverage
Vision Coverage
Short- and long-term disability and life insurance, all free of charge
Competitive Compensation
401k Matching
Professional Development
Top of the Line Equipment
Referral Program
Parental Leave
Family-Friendly Culture
The chance to work side-by-side with thought leaders in emerging tech

Company

Subsplash

Subsplash is a design-centric software company. They are a design studio that creates beautiful user interfaces for anything with a screen.

Funding

Current Stage: Growth Stage
Total Funding: unknown
2025-07-21: Acquired

Leadership Team

Steve Testone
Chief Product Officer
Company data provided by crunchbase