- B2B
- Scale Stage: Rapidly increasing operations
- Top Investors: This company has received a significant amount of investment from top investors
Senior Security Engineer
- Full Time
About the job
👩‍💻 The Role
Location: While this position is posted in a specific location, all of Oyster’s positions are fully remote and you can work from home. Forever. To create the best experience for our new hire, this role requires you to be based within +3 / -5 UTC.
We are looking for a high-performing Senior Security Engineer to join the Engineering Team at Oyster. In this role, you will work closely with the Data Protection/Privacy Team, IT Team, and Product Development Team to ensure that our applications are secure throughout the development lifecycle. You will be responsible for identifying and mitigating security risks, implementing best practices, and collaborating with cross-functional teams to enhance our security posture. Working in a fully distributed company, you will work synchronously and asynchronously with team members all over the world. We are looking for someone with strong technical skills, a collaborative mindset, and the ability to thrive in a dynamic, fast-paced environment.
Key Responsibilities
Embed Security in SDLC:
- Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC).
- Conduct security assessments, code reviews, and threat modeling exercises to identify and mitigate security risks.
- Provide guidance on secure coding practices and remediation strategies.
SaaS Application Security:
- Conduct security assessments and audits of both in-house and third-party SaaS applications.
- Ensure proper security controls and access management are implemented for SaaS tools.
- Stay updated on emerging threats and vulnerabilities specific to SaaS environments and address potential risks proactively.
Security Tools and Automation:
- Implement and manage security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
- Integrate security tools into CI/CD pipelines for continuous security testing.
- Monitor and analyze security tools' outputs to identify and address potential security risks.
Collaboration and Compliance:
- Work with the Data Protection/Privacy Team to ensure applications comply with relevant data protection regulations (e.g., GDPR, CCPA).
- Collaborate with the IT Team to ensure secure infrastructure configurations for hosting and deploying applications.
- Partner with the Product Team to incorporate security requirements into product features from the design phase.
Training and Awareness:
- Develop and deliver security training and awareness programs for developers and relevant stakeholders.
- Promote a culture of security awareness and best practices throughout the organization.
Core Requirements
- 5+ years of experience in application security, with a strong focus on SaaS environments.
- Strong knowledge of security assessments, audits, and best practices for SaaS applications.
- Experience in configuring and managing security controls and access management within a SaaS-centric environment.
- Proficiency in using security testing tools such as SAST, DAST, and SCA.
- Experience integrating security tools into CI/CD pipelines and automating security processes.
- Familiarity with data protection regulations (e.g., GDPR, CCPA) and their implications for application security.
- Understanding of identity and access management.
- Strong problem-solving skills and the ability to communicate complex security concepts to technical and non-technical audiences.
You'll also need
- A drive to learn, and help the development team to progress.
- Fluent English language skills.
- A reliable internet connection (or be able to get one).
About the company
Oyster®
- Valuation $1B+: This company has a valuation of $1B or more
- Recently funded: Raised funding in the past six months