Staff Cyber Security Engineer - DevSecOps jobs in United States
cer-icon
Apply on Employer Site
company-logo

Amaze Systems · 12 hours ago

Staff Cyber Security Engineer - DevSecOps

positionDallas, TX
timeContract
remoteOnsite
seniorityLead/Staff

Amaze Systems is seeking a Staff Cyber Security Engineer - DevSecOps to enhance their security posture across various platforms. The role involves developing threat models, conducting penetration testing, and managing incident responses to mitigate vulnerabilities in embedded systems and cloud applications.

Digital MarketingMobile AppsWeb Development

Responsibilities

Threat Modeling: Develop and maintain comprehensive threat models across embedded platforms, cloud services, and software applications to proactively identify, prioritize, and mitigate potential vulnerabilities throughout the system development lifecycle
Embedded Platform Penetration Testing: Conduct regular penetration tests and security assessments of embedded platforms to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration
Cloud-hosted Application Penetration Testing: Conduct regular penetration tests and security assessments on cloud-hosted applications to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration
Red-Teaming AI-Backed Services: Conduct regular adversarial testing and red-teaming exercises focused on AI-powered services and machine learning models. Proactively identify and exploit potential vulnerabilities unique to AI systems and collaborate with legal and engineering teams to remediate security risks specific to AI and automated decision-making capabilities
Threat Detection and Analysis: Utilize advanced security tools like Cloud Security Posture Management platforms, open-source pen-testing tools, SIEMs, and SASTs to identify, analyze, validate, and stop vulnerabilities from entering the environment. Perform regular penetration testing and vulnerability assessments
Data Analysis and Security Monitoring: Conduct comprehensive analysis of security data from microservice architectures, content distribution networks, data lakes, serverless functions, and databases. Use SIEM tools to correlate security events and identify anomalies
Incident Response and Management: Participate in incident response efforts, perform root cause analysis, and implement or suggest corrective actions to mitigate security breaches. Develop and maintain incident response playbooks
Supply Chain Security: Assess and mitigate security risks associated with the supply chain, like open source libraries, ensuring end-to-end security
Software Security Flaws Mitigation: Identify and address software security flaws and misconfigurations to enhance overall security posture. Perform code reviews and static/dynamic analysis. Languages include but not limited to Python, C++, C#, JS, Python, HCL
Security Solutions Development: Develop and implement custom security solutions, minimizing reliance on paid services. Create security automation scripts and integrate security tools into CI/CD pipelines
Automating Security Test Functions: Develop and implement automated dynamic security testing functions to ensure continuous security validation

Qualification

Threat ModelingPenetration TestingCloud SecurityIncident ResponseSecure API DesignPythonC++JavaScriptSecurity Tools ProficiencyData AnalysisSoft Skills

Required

Expertise in secure API integration design and implementation
Expertise in the OWASP top 10 for web applications, and LLMs along with mitigation and remediation techniques
Bachelor's degree in Computer Science, Information Technology, or a related field
Extensive experience in cybersecurity within software engineering environments
Experience with a programming language (C/C++, Python, Go, JavaScript / TypeScript, Rust)
Proficiency in cloud security, threat detection, data analysis, and incident response
Expertise with security tools such as BurpSuite, PyRIT, Garak, MitM, Metasploit, Wireshark, Wiz, Sonarqube
Experience standing up Security tooling to automate security hygiene, analysis, reporting or otherwise host tools or enhance intel capabilities
Strong technical knowledge of microservice architecture, content distribution networks, data lakes, serverless functions, and databases
Familiarity with various cloud platforms and DevOps tools
Excellent analytical and problem-solving skills
Strong communication skills, both written and verbal
Ability to independently develop and implement security solutions
Experience in developing and implementing automated security testing functions

Preferred

Master's degree in Computer Science or relevant field of study
Cyber related certifications such as CompTIA CySA+, CISSP, CHFI, OSCP
Experience in digital forensics
Working experience within a DevSecOps environment

Company

Amaze Systems

twittertwittertwitter
company-logo
Amaze Systems is a web and digital marketing agency that offers data analytics and SEO services.
dateFounded in 2020
location
Dallas, Texas, USA
people-size501-1000 employees
web-link
https://www.amaze-systems.com

Funding

Current Stage
Late Stage
Company data provided by crunchbase