AutoFi logo
AutoFi

Bringing joy and trust to the auto retail experience by empowering sellers to succeed in a complex environment.

Senior Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 201-500H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

58 days ago

Salary

$175K - $185K / year

Seniority

Senior

Bachelor Degree6 yrs expEnglishCloudCyber SecurityJavaScriptNode.js

Job Description

Senior Security Engineer

AutoFi

• Define, implement, and maintain security practices, standards, and controls across AutoFi’s products, services, cloud environments, and internal systems. • Partner with engineering and product teams to conduct security design reviews for new features, architecture changes, sensitive workflows, and production-bound implementations. • Design and implement security standards and secure development practices across engineering teams. • Champion security-related activities throughout the software development lifecycle, including secure design, threat modeling, secure coding practices, security testing, and risk-based remediation. • Implement, operate, and improve DevSecOps tooling and processes, including SAST, DAST, SCA, secret scanning, dependency analysis, and other application security controls. • Assess infrastructure, web applications, and cloud environments to help identify, prioritize, and drive remediation of security risks. • Triage vulnerability findings from application security tools, penetration tests, vendor assessments, external reports, and internal reviews. • Conduct proactive threat hunting using available telemetry from cloud environments, application logs, WAF events, identity systems, endpoint signals, and security platforms. • Support continuous improvement of AutoFi’s security operations processes, including alert tuning, detection logic, workflow automation, and post-incident lessons learned. • Assist in defining, implementing, and maintaining third-party risk management policies, procedures, standards, and assessment workflows. • Conduct and support vendor security assessments • Identify, document, and help reduce risks related to third-party vendors, SaaS platforms, integrations, service providers, and business partners.

Job Requirements

  • 6+ years of experience in security engineering, application security, cloud security, security operations, or a related security function.
  • Experience designing and implementing security controls for modern SaaS, cloud, web application, and API environments.
  • Hands-on experience with application security practices, including secure design reviews, threat modeling, secure code review, vulnerability assessment, and OWASP-based testing methodologies.
  • Strong understanding of SAST, DAST, IAST, and SCA tooling
  • Experience with web & cloud security controls/frameworks
  • Familiarity with network and web application protocols (HTTP/S, SAML 2.0, OAuth, Rest APIs)
  • Experience with SIEM platforms, alert triage, security investigations, detection workflows, and incident response procedures.
  • Familiarity with indicators of compromise, indicators of attack, threat hunting techniques, and incident escalation processes.
  • Industry experience building data-driven applications with Javascript, Node.js, and NoQSL.
  • Minimum BS/BA in Cybersecurity, Information Security, Computer Science, or relevant degree, with the ability to demonstrate sophisticated logical thought processes.
  • Ability to communicate security risks clearly to engineering, product, compliance, business, and executive stakeholders.
  • Comfortable operating in a fast-paced environment with evolving priorities and shared ownership across multiple security domains.

Benefits

  • We offer full training and a competitive total rewards package along with great benefits
  • Medical, Dental & Vision coverage - 100% premium coverage for employee / 50+% for dependents
  • Flexible work hours
  • Remote environment
  • Competitive pay
  • Visionary leadership team
  • Growth opportunities within a dynamic culture
  • Wellness & cultural initiatives (fitness challenges, wellness webinars, virtual games, regional activities, etc.)
  • Up to $1K per year for employee professional development
  • Stock options - we are all owners!

Related Categories

Related Job Pages

More Security Engineer Jobs

Smartsheet logo

Senior Security Engineer II, Application Security

Smartsheet

Founded in 2005, Smartsheet offers collaborative work management and process automation to empower greater enterprise productivity. A leading cloud-based platfo

• Conduct security reviews and threat modeling of AI-integrated product features • Own end-to-end security assessments for high-risk features and services • Operate and evolve the security scanning controls embedded in Smartsheet's GitLab pipelines • Serve as the expert validation layer for Smartsheet's bug bounty program

Washington
$175K - $245K / year
Job Closed
A.C.Coy Company logo

Junior Identity Security Metrics, Databricks Analyst

A.C.Coy Company

Staffing and consulting firm specializing in IT, Accounting & Finance, Engineering and Sales placements.

Full TimeRemoteTeam 51-200Since 1986H1B No Sponsor

• Drive Identity Security initiatives, including developing “metrics that matter” within existing identity platforms such as Okta and Ping Identity • Utilize Databricks to extract, analyze, and generate data reports from the platform • Conduct threat and vulnerability assessments to identify and mitigate security risks

Virginia
$50K - $80K / year
OCT Consulting LLC logo

Project Manager – Security Steward

OCT Consulting LLC

Leaders in Organizational Change & Technology

Full TimeRemoteTeam 51-200H1B No Sponsor

• Provide project management support aligned with the Enterprise Performance Life Cycle (EPLC). • Develop management plans, work breakdown structures, and integrated master schedules. • Identify risks and implement mitigation strategies. • Support lifecycle processes including analysis, testing, and reporting. • Provide technical assistance to ensure systems meet business needs. • Apply frameworks such as SAFe and Six Sigma to streamline project execution. • Prepare all documents and artifacts required under the agency’s governance framework. • Provide project management services to program areas as directed by client to support oversight, collaboration, information exchange, and effective implementation of products and services throughout their life cycle. • Perform tasks including process diagramming, testing and documenting results, preparing status summaries, and describing issues. • Submit assigned projects into SharePoint or specified location within designated timeframes. • Attend all meetings for assigned workgroups and communities of practice. • Develop a transition plan with the COR and Technical Monitor. • Provide a detailed strategy for transferring projects and tasks based on program needs.

Maryland
$130K - $150K / year
Job Closed
Noblis logo

Network Security Engineer

Noblis

An independent nonprofit organization, Noblis provides U.S. federal government clients with science, technology, and engineering services to solve challenging p

Role Description We are looking for highly technical professionals with a strong foundation in network architecture, design, and security — individuals who are ready to step up from traditional network engineering roles to take ownership of strategic, architecture-level responsibilities. Ideal candidates will have a deep understanding of networking, security architecture and design, and experience applying Federal security guidelines (e.g., NIST 800-53, FISMA, etc.) to harden and secure systems. The TIS Security Engineer will support the FAA Telecommunications and Integrated Services (TIS) Group and provide expert-level security engineering across the FAA’s FTI environment. This includes: - Analyzing and guiding network architecture to ensure cybersecurity is built-in from the ground up. - Performing hands-on reviews of system configurations, firewall rules, and network paths to align with FAA Orders, NIST 800-53, and federal cybersecurity standards. - Leading efforts in transitioning technologies (e.g., IPv4 to IPv6, microwave radio refreshes) from a cybersecurity and network architecture perspective. - Supporting the integration of Zero Trust, Software-Defined Networking (SDN), and defense-in-depth strategies into enterprise-level solutions. - Acting as a technical bridge between FAA cyber stakeholders and infrastructure providers (network, security, cloud). - Evaluating vendor-proposed architectures and making expert-level recommendations based on federal policy, security principles, and industry best practices. Qualifications - Experience supporting federal government programs, ideally within the FAA or transportation sector. - Proven experience with hands-on network engineering or architecture and understands network design, configurations, firewalls, VPNs, IDS/IPS, and load balancing. - Knowledge of telecommunications infrastructure, including IPv4/IPv6, and WAN/LAN environments. - Understand federal cybersecurity frameworks (NIST RMF, FISMA, NIST SP 800-53 rev 5). - Can evaluate network and system security concepts for large-scale, safety-critical systems like those in the National Airspace System (NAS). - Comfortable advising on defense-in-depth architectures, Zero Trust CONOPS, SD-WANs, and emerging tech. - Have experience collaborating with engineers, PMs, and cybersecurity stakeholders to support ATO packages and continuous monitoring. - Ability to develop system security plans, risk assessments, and related security documentation. - U.S Citizen or Green Card Permanent Resident (3+ years U.S. Residency). - Ability to obtain FAA Public Trust. - Mid-level. - Bachelor’s degree in Cybersecurity, Information Technology, Telecommunications, or a related field. - 9+ years of experience in cybersecurity or network security roles. - Substitutions: For anything requiring a substitution, the government customer is subject to further review and either approve or deny the request. - Associates degree and additional 2 years experience would be acceptable. Minimum 11 years total is required. - High school degree and an additional 6 years experience would be acceptable. Minimum 15 years total is required. - Masters Degree from an accredited college in a related discipline with 6 years of professional experience. Requirements - Compensation Ranges: for D.C., NJ, Remote: $105,100 - $164,125. Desired Qualifications - CISSP, Security+, CCNA, or similar certification. - FAA or transportation sector experience preferred. - Familiarity with Zero Trust Architecture, Security Orchestration, and network virtualization (e.g., NFV). - Strong written, verbal, and interpersonal skills.

United States
$105.1K - $164.1K / year
Job Closed