Senior Security Engineer
Hydrosat · United States · 2 wk ago
RemoteRemoteEngineeringFull-time
Responsibilities
- Implement, maintain, and improve security controls across AWS environments.
- Support secure configuration of IAM, logging, monitoring, networking, and cloud services.
- Operate and improve vulnerability management processes across infrastructure, applications, containers, and dependencies.
- Triage security findings, assign ownership, track remediation, and drive closure with engineering teams.
- Support SAST, SCA, DAST, SBOM, and container security workflows using tools such as Snyk and AWS-native services.
- Help integrate security checks into CI/CD pipelines and development workflows.
- Track remediation of penetration testing findings and validate closure of high-priority issues.
- Maintain accurate documentation of security controls, risks, exceptions, and remediation progress.
- Support enterprise-grade security monitoring and incident response by leveraging centralized logging, alerting, and detection capabilities to identify, investigate, and respond to security events across the environment.
- Assist with security monitoring, alert triage, investigation, and incident response activities.
- Partner with Engineering, Platform, and IT teams to improve security processes without creating unnecessary friction.
- Contribute to repeatable DevSecOps practices across teams.
Requirements
- 5+ years of experience in security engineering, cloud security, application security, DevSecOps, or related roles.
- Strong hands-on experience with AWS security concepts and services.
- Experience with IAM, logging, monitoring, networking, and cloud security best practices.
- Experience with vulnerability management workflows and remediation tracking.
- Familiarity with application security tooling such as SAST, SCA, DAST, SBOM, and container scanning.
- Experience working with CI/CD pipelines and secure software delivery practices.
- Experience with enterprise security monitoring and incident response, including centralized logging, alerting, and investigation of security events.
- Ability to work directly with engineering teams to resolve security findings.
- Strong documentation, tracking, and follow-through skills.
- Highly self-motivated, practical, and able to operate in a fast-moving startup environment.
- Strong team player with demonstrated ability to take ownership and drive execution.
Qualifications
- Experience with NIST 800-171 or similar security/compliance frameworks.
- Experience with Drata or similar GRC platforms.
- Experience with Snyk or similar application security platforms.
- Experience with Jira or similar tools for vulnerability tracking and exception management.
- Experience with Kubernetes, container security, or cloud-native infrastructure.
- Security certifications such as CISSP, CCSP, AWS Security Specialty, GSEC, GCIH, or similar are a plus.