Apply on Employer Site

SambaSafety · 8 hours ago

Security Engineer

United States

Full-time

Remote

Senior Level

$125K/yr - $145K/yr

5+ years exp

SambaSafety is a company that offers comprehensive driver monitoring software aimed at promoting safer communities. They are seeking an experienced Security Engineer to join their security team, focusing on vulnerability management, application security, and threat detection, while optimizing the company's security posture.

Public SafetyRisk ManagementSoftware

Growth Opportunities

H1B Sponsor Likely

Hiring Manager

Kayla Watkins

Responsibilities

Lead application security vulnerability remediation efforts across development teams

Administer SAST tools (Checkmarx, SonarQube, Fortify)

Administer DAST tools (Burp Suite Pro, Qualys, OWASP ZAP)

Administer SCA tools (Snyk, Black Duck, Dependabot)

Triage and validate vulnerability findings to reduce false positives

Provide remediation guidance to development teams on OWASP Top 10 and secure coding practices

Integrate scanning tools with ticketing systems and CI/CD pipelines

Generate AppSec metrics and reports

Provide security code review support

Administer Vulnerability Management tools (Rapid7, Qualys, SentinelOne)

Configure scan policies, schedules, and asset groups

Validate and prioritize vulnerability findings using risk-based prioritization (CVSS + context)

Conduct expert analysis and risk scoring of vulnerabilities

Coordinate remediation with IT and development teams

Manage vulnerability exceptions and risk acceptances

Track vulnerability aging and SLA compliance

Generate management reports and Rapid7 dashboards

Participate in product vulnerability management meetings

Participate in Security by Design reviews

Develop detection rules mapped to ATT&CK techniques

Implement ATT&CK-based alert triage workflows

Configure SIEM correlation rules using ATT&CK

Conduct gap analysis of ATT&CK coverage

Integrate threat intelligence with ATT&CK mapping

Build ATT&CK-based hunting queries

Create ATT&CK-mapped incident reports

Administer SOAR platforms (Phantom, XSOAR, Swimlane)

Develop and maintain SOAR playbooks and automations

Integrate SOAR with SIEM, EDR, and ticketing systems

Build automated enrichment workflows

Configure case management and SLAs

Implement automated response actions

Develop custom integrations using APIs

Create security automation workflows

Monitor and optimize playbook performance

Lead Tier 2/3 security incident investigation and response

Administer EDR, SIEM, and IAM platforms

Implement and tune detection rules and alerts

Manage cloud security configurations

Support penetration testing and red team activities

Conduct WAF firewall rule audits and configuration reviews

Provide security engineering expertise for infrastructure and application architecture decisions

Support complex security investigations requiring deep technical analysis

Contribute to security design reviews and technical security standards

Draft and review security policies and procedures

Conduct policy gap analysis against frameworks

Analyze threat intelligence from multiple sources

Integrate threat feeds into SIEM/SOAR platforms

Implement IOC blocking and detection rules

Participate in information sharing communities (ISACs)

Create threat intelligence reports

Qualification

Vulnerability ManagementApplication SecurityMITRE ATT&CKSOAR AutomationCloud SecurityEDR PlatformsSIEM AdministrationIAM PlatformsScriptingAutomationAnalytical ThinkingAgile ProficiencySecurity Awareness TrainingCustomer InteractionProject Security ReviewsEscalation PointSales SupportThreat Intelligence AnalysisPenetration Testing CoordinationCommunication SkillsCollaborationTechnical Documentation

Required

Bachelor's degree in Computer Science, Information Security, Engineering, or related technical field, or equivalent professional experience

5-7 years of experience in security engineering with demonstrated expertise in multiple security domains, including application security

Expert knowledge of vulnerability management platforms

Proficient in MITRE ATT&CK mapping for detection rules and incident response

Strong experience with SAST, DAST, and SCA tools for application security

Deep understanding of application vulnerabilities (OWASP Top 10, injection flaws, XSS, authentication bypasses)

Experience with SOAR platforms (Phantom, XSOAR, Swimlane) and security automation

Proficiency in EDR platforms (SentinelOne, CrowdStrike, Defender ATP)

Experience with SIEM administration

Solid understanding of IAM platforms (Okta, Azure AD)

Proficiency in cloud security (AWS/Azure/GCP)

Solid understanding of WAF configuration and audit

Proficiency in scripting and automation (Python, PowerShell)

Understanding of DevSecOps and secure CI/CD practices

Knowledge of AI-powered security tools and emerging AI threats including prompt injection and MCP security risks

Ability to produce dashboards using Rapid7 and Power BI

Strong analytical thinking and problem-solving capabilities

Excellent communication skills for technical and business audiences

Strong Agile proficiency with ability to integrate security into sprint planning

Experience collaborating with development teams and partnering on secure coding

Ability to translate technical vulnerability findings into actionable remediation guidance

Strong written communication skills for security documentation, audit responses, and questionnaire completion

Act as escalation point for Security Analysts

Participate in project security reviews

Support sales team with security questionnaires

Participate in customer security calls

Preferred

CySA+ (CompTIA)

AWS Security Specialty

GIAC GSEC

Certified Ethical Hacker (CEH)

GIAC GWEB (Web Application Penetration Tester)

CompTIA PenTest+ (optional)

GIAC GCTI (Cyber Threat Intelligence) (optional)

Rapid7 Certified InsightIDR Specialist (optional)

SOAR Platform Certification (optional)

DevSecOps experience integrating SAST/DAST into CI/CD pipelines

Secure software development lifecycle (SSDLC) implementation experience

Compliance experience with SOC 2, ISO 27001, or industry-specific regulations

Experience with security audit preparation and vendor risk assessment programs

Threat intelligence analysis and integration experience

Experience coordinating third-party penetration testing

Security awareness training development and delivery

Experience with containers and Kubernetes security concepts

Benefits

Flexible and generous Paid Time Off and Paid Volunteer Days

401k Employer Match

Generous Healthcare Benefits

Up to 12 weeks paid time off for maternity leave based on tenure

Wellness & Tuition Reimbursement

Flexible Work Arrangements

Lots of SambaSafety swag & SambaSafety Events

Company

SambaSafety

SambaSafety provides cloud-based mobility risk management software solutions.

Founded in 1998

Greenwood Village, Colorado, USA

201-500 employees

http://www.sambasafety.com

H1B Sponsorship

SambaSafety has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2020 (2)

Funding

Current Stage

Growth Stage

Total Funding

$16.4M

Key Investors

Main Street Capital

2016-04-06Acquired

2014-10-08Series Unknown· $16.4M

2011-11-01Series Unknown

Leadership Team

Karina Sinclair

Chief Customer Officer

Recent News

SambaSafety

88% of Fleets Now Use Telematics for Safety, But Only 30% Share Data with Insurers

2025-10-15

SambaSafety

The Key to Safer Roads: Landmark UK Driver Risk Report Highlights Path to Fewer Crashes and Lower Costs

2025-09-23

Google Patent

Systems and methods for providing automated driver evaluation from multiple …

2025-02-16

Company data provided by crunchbase