Pager is looking for a Senior Security Engineer to join our growing team. To be our first engineer for the security team that has close contact with the engineering team on security items: secure coding, SDLC efforts, code/architecture reviews, project security reviews, penetration testing, and application scanning processes. An engineer that has a strong technical understanding of web applications, backend services, penetration techniques and methodologies.

We are looking for a candidate that can bring the best of current industry knowledge and work at Pager to advance our security posture. We see this role as a mid-level position with lots of potential for growth.

You are a good fit if:

• Understanding of SecOps principles, tools, and their application for Cloud-Native Applications including Terraform, Kubernetes, Docker
• You have a strong foundation on best-practices related to coding and software engineering in general.
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols for Google Cloud Platform and Amazon Web Services.
• Understanding of the latest security principles, techniques, and protocols for cloud-based security management, IDS, IPS, SIEM, DLP, OWASP, and NIST framework.
• Experience with network security and networking technologies and with system, security, and network monitoring tools.
• You have a strong background in automation tools, containerized software development, and computer networking.
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
• Experience in regulated industries such as Healthcare, FinTech, or Defense (e.g. HITRUST, SOC, HIPAA)
• Penetration testing experience
• Knowledge of authentication mechanisms like SAML, OAuth, etc.
• You have 6+ years of security engineering specific experience
• BA/BS degree or higher, preferably in a technical field (Computer Science, IT, etc) or equivalent practical experience

Nice to Have skills/experience:

• CompTIA Security+, Certified Ethical Hacker, CISSP, or a relevant certification
• Experience working with/on external 3rd party audit team (architecture reviews)
• Practical knowledge of normalizing multiple log types
• Hands on experience with Bug Bounty programs

What you will be doing:

• Contributing security-focused feedback to engineers during all phases of the development lifecycle.
• Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities.
• Maintaining secure development practices and programs for our engineering teams
• Advising teams across the organization (infrastructure, application engineering, analytics, etc.) to ensure the security, availability and confidentiality of our infrastructure.
• Stay up to date with the latest application security developments and security trends to continually improve internal processes