By joining our team as a Senior Security Engineer, you will become a leading subject matter expert on the security of modern web applications, APIs, and cloud infrastructure. In close collaboration with technical advisors and staff engineers, you will assess the security of new applications, features, partner integrations, data flows, and internal StudyTeam configuration/administration tools. You will also serve as a technical leader on incident response and mentor other Security Team members.

What You’ll Be Working On

• Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools.   
• Develop solutions to enable and enhance security of StudyTeam SaaS applications, associated data transfers, and infrastructure (AWS).   
• Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through 3rd party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g, DevOps/SRE, Software Engineering).
• Play a key role in the selection, design, configuration and use of additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP).
• Serve as a technical leader on incident response for web applications and infrastructure.
• Recommend, drive, and implement improvements to One StudyTeam’s Security Program, including how the program is integrated within the SDLC .
• Author, and when appropriate delegate to team members, formal technical risk assessments documenting security findings and outlining required mitigating controls.
• Participate in the selection and implementation of a re-imagined SIEM solution

What You Bring to OneStudyTeam

• 5 or more years experience in a dedicated technical security role is required.
• Proficiency in Python for programmatic data analysis and automation is required.
• Deep understanding of modern application stacks including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or GCP is required.
• Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives.
• Understanding of modern source control systems (e.g., Git, Gihub) is required.
• Desire to mentor other security team members while concurrently collaborating with senior engineers is required. 
• Prior experience collaborating with Data, Engineering, DevOps/SRE and Product teams to assess technical security risks is a strong plus.  
• Experience leading technical incident response for modern web applications and infrastructure is a strong plus.