Staff Security Engineer, TDI
ISC2 East Bay Chapter · San Francisco, CA · 8 mo ago
HybridInformation Technology$148k–$222k/yrFull-time
Vulnerability & Asset Management
- Lead hands-on vulnerability remediation efforts across endpoints (Mac/Windows), cloud workloads, and on-prem assets.
- Deploy, configure, and operationalize tools such as Snyk, Semgrep, and Qualys to expand scanning coverage for all TDI assets.
- Collaborate with teams to troubleshoot and remediate findings; provide technical mentorship to developers and admins.
- Improve vulnerability metrics, reporting, and visibility to drive accountability and measurable risk reduction.
- Partner with GRC to integrate findings into the risk register and ensure timely remediation or risk acceptance.
Secure Development & DevSecOps Enablement
- Embed within product and engineering teams to advise on secure coding, build pipelines, and deployment best practices.
- Support and enforce ProdSec SDL adoption across business units, standardizing design reviews and requirements gathering.
- Implement secrets rotation automation and best practices for secrets management across TDI systems.
- Lead the Security Champions initiative—mentoring developers and SREs on proactive risk mitigation.
Baseline Image & Environment Security
- Build and maintain secure baseline container and VM images for AWS environments, integrating core security tooling.
- Collaborate with SRE to manage update pipelines and enforce compliance with baseline standards.
- Conduct light Security Architecture Reviews (SARs) for lower environments to confirm proper controls and data handling.
Automation & Continuous Improvement
- Develop automation for scanning, reporting, and patch validation.
- Identify and close gaps across CSPM, CI/CD pipeline security, and endpoint hardening.
- Provide technical guidance for integrating security into business and productivity platforms (Salesforce, ERP, Google Workspace, Slack, Zoom).