Sr. Security Engineer
Role details
Job location
Tech stack
Job description
We are seeking a Sr. Security Engineer with a focus on cloud and application security to join our team as a hands-on individual contributor. This role is responsible for designing, implementing, and operating security controls that protect our e-commerce platforms and other enterprise technology environments., * Operate and enhance security solutions protecting customer-facing omnichannel commerce platforms, including web application firewalls (WAF), bot mitigation, and API security controls
- Drive improvements in cloud security posture across Azure and AWS environments using CSPM/CNAPP tooling, and implement scalable governance and security controls
- Build, integrate, and mature application security capabilities, including SAST, DAST, and SCA, embedding them into CI/CD pipelines and developer workflows ("shift-left" security)
- Partner with engineering, infrastructure, and product teams to implement secure solutions and ensure alignment with enterprise security standards
- Act as a security subject matter expert within enterprise initiatives, providing guidance and oversight for control implementation and risk reduction
- Drive the implementation and ongoing enhancement of security-owned tools and capabilities to reduce risk and improve analyst visibility
- Serve as an escalation point for internal security operations, supporting detection tuning, incident response, and threat analysis
- Develop and maintain automation (scripts, workflows, integrations) to improve the efficiency and consistency of security control deployment and enforcement
- Continuously evaluate emerging threats, technologies, and industry practices to enhance security capabilities and address evolving risks
Requirements
Success in this role requires strong technical execution, cross-functional collaboration, and the ability to operate as a generalist across multiple security domains. A proactive mindset, strong organizational skills, clear communication, and an appetite for continuous learning are essential., * Strong understanding of network and application security technologies, including WAF, CDN, API security, and bot mitigation
- Experience securing cloud environments (primarily Azure and AWS), with the ability to implement controls programmatically and at scale
- Familiarity with cloud security tooling such as CSPM/CNAPP platforms and cloud-native security controls
- Understanding of modern software development practices, including CI/CD pipelines, containerization, and microservices architectures
- Experience integrating security tools (SAST, DAST, SCA) into development workflows and supporting "shift-left" security initiatives
- Proficiency in scripting or automation (e.g., PowerShell, Python, or similar) to support security engineering and operations
- Strong communication and organizational skills, with the ability to work effectively across technical and non-technical teams
- Ability to operate independently with minimal oversight while managing multiple priorities, * Experience with technologies such as Cloudflare, CrowdStrike (EDR/Cloud Security), BlackDuck/Snyk/GitHub Security, GitHub Enterprise, and SIEM platforms
- Understanding of identity and access management practices and implementation of IAM controls
- Familiarity with vulnerability management programs and tooling
- Exposure to operating within or managing multi-cloud environments
- Experience securing or evaluating AI/ML-based solutions in an enterprise environment
- Background in infrastructure engineering or software development