Lawrence Harvey is once again partnering with a FinTech firm in New York City to expand its Product Security team. This Engineer will help ensure the security and resilience of the firm's tech platforms and other services.
This role focuses on four key areas: Application Security, Cloud Security, DevSecOps, and Threat & Vulnerability Management. You'll work closely with engineers, DevOps, and infrastructure teams to build secure applications, protect cloud environments, integrate security into development workflows, and proactively manage vulnerabilities.
What You'll Do:
Application Security
- Conduct secure code reviews to identify and fix vulnerabilities before they reach production.
- Perform security testing (e.g., SAST, DAST, SCA) to evaluate application security posture.
- Conduct threat modeling and design reviews to proactively identify security risks in new and existing applications.
Cloud Security
- Secure cloud environments (AWS preferred) by implementing strong IAM policies, encryption, and security best practices.
- Monitor and improve logging, monitoring, and detection capabilities for cloud environments.
DevSecOps
- Integrate security into CI/CD pipelines, ensuring security checks (SAST, SCA, DAST) happen automatically.
- Automate security controls to reduce manual effort and improve efficiency.
- Work with DevOps teams to ensure containerized applications (Kubernetes, Docker) are securely built and deployed.
Threat & Vulnerability Management
- Perform continuous vulnerability assessments across infrastructure and applications.
- Analyze and prioritize security findings based on risk impact and likelihood.
What You Bring:
- 5+ years of experience in cybersecurity, software security, or a related technical role.
- Strong coding/scripting experience (Java, Kotlin, Golang, Python, JavaScript).
- Knowledge of secure coding practices, threat modeling, and security testing.
- Experience securing cloud environments (AWS preferred), including IAM and cloud security best practices.
- Hands-on experience with Kubernetes, containers, and security tools (SAST, SCA, DAST).
- Familiarity with vulnerability management and security automation.
- Strong collaboration and communication skills; you enjoy working with teams to solve security challenges.
Bonus Points If You Have:
- Experience as a developer on a high-performing engineering team.
- Background in DevSecOps, including automating security in CI/CD pipelines.
- Experience working in a regulated industry like finance or cryptocurrency.
- Knowledge of Infrastructure as Code (IaC) security (Terraform, CloudFormation).
- Experience with secrets management and distributed identity systems.
- A history of discovering and disclosing vulnerabilities (CVEs).
No C2C
Note: This client cannot transfer or sponsor visas at this time.