Senior Security Engineer

Purpose of the Job

As members of 6sense’s Security department, the Security Engineering team protects the platform. We are seeking a highly skilled and experienced Senior Security Engineer to lead the design, implementation, and management of security solutions across our infrastructure, applications, and production systems.

Responsibilities & Accountabilities

• Ensure that security tools are configured to provide appropriate coverage based on the Vulnerability Management Policy and Standard
• Support and consult with engineering and product teams around application, infrastructure, and AI/ML security vulnerabilities and issues.
• Assist teams in reproducing, triaging, and addressing application and infrastructure security vulnerabilities identified through Pen Testing, SAST, DAST, or Dependency scans, as well as security considerations specific to AI/ML models and data pipelines.
• Conduct threat modeling, vulnerability assessments, and penetration testing, including considerations for AI/ML systems.
• Participate in incident response efforts for security breaches or attacks impacting the 6sense platform
• Lead in development of automated security testing to validate that secure coding best practices are being used.
• Lead application security reviews and threat modeling, including code review and dynamic testing
• Facilitate secure development training with Engineering teams
• Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area
• Build dashboards and filters to surface security issues to the right teams
• Design and execute quarterly individual (O)KRs

Educational and Experience Requirements

• 5+ years hands-on experience securing cloud environments (AWS strongly preferred) of experience in information security, with a focus on all aspects of application security, including threat modeling and developer training
• Familiarity and ability to explain common security flaws and ways to remediate them (e.g. OWASP Top 10)
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS protocols)
• Hands-on experience in automating, maintaining, and securing Cloud Computing Platforms – AWS experience a plus.
• Strong development or scripting experience in one or more languages – Python experience a plus.
• Experience with security tools (e.g., Vulnerability Scanners, SAST/DAST, DevOps software, AWS cloud security tooling)
• Strong understanding and practical experience securing CI/CD pipelines, containerization (Docker), orchestration (Kubernetes), and Infrastructure as Code (IaC) practices.
• Excellent communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
• Experience working directly with software developers to improve code security
• Strong understanding and practical experience with common security libraries, security controls, common security flaws, internet security issues, containerization, orchestration and current threat landscape dynamics
• Relevant industry certifications, such as AWS, CNCF, and GIAC are highly desirable