Key Responsibilities and Required Skills for Security Software Engineer
💰 $140,000 - $220,000
🎯 Role Definition
Are you a builder at heart with a passion for cybersecurity? We are looking for a talented and driven Security Software Engineer to join our dynamic security team. In this pivotal role, you won't just be finding vulnerabilities; you'll be engineering the solutions that prevent them at scale. You will act as a force multiplier for our engineering organization, designing and implementing automated security tools, secure-by-default frameworks, and robust infrastructure. Your mission is to make the secure way the easy way for our developers, embedding security seamlessly into every stage of the software development lifecycle (SDLC) and protecting our customers' data from emerging threats.
📈 Career Progression
Typical Career Path
Entry Point From:
- Software Engineer (with a security focus)
- DevOps or Site Reliability Engineer
- Application Security Analyst
Advancement To:
- Senior Security Software Engineer
- Security Architect
- Security Engineering Manager
Lateral Moves:
- Site Reliability Engineer (SRE)
- DevOps Engineer (with a security specialty)
- Security Researcher
Core Responsibilities
Primary Functions
- Design, develop, and deploy innovative software and systems to proactively enhance security posture and mitigate risks across our cloud-native platforms.
- Build and maintain robust security automation to proactively identify, triage, and remediate vulnerabilities throughout the entire software development lifecycle (SDLC).
- Conduct in-depth security architecture reviews, threat modeling, and risk assessments for new products and features to ensure they are secure by design.
- Implement and manage sophisticated security controls, policies, and best practices for our multi-cloud environments (AWS, GCP, Azure).
- Integrate, operate, and fine-tune a suite of security tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) within our CI/CD pipelines.
- Lead the response, investigation, and remediation efforts for security incidents and vulnerabilities, performing thorough root cause analysis to prevent recurrence.
- Act as a security champion, collaborating closely with engineering and product teams to foster a security-first culture and promote secure coding practices.
- Create and maintain foundational security libraries, services, and frameworks that empower developers to build secure applications easily and efficiently.
- Perform meticulous manual and automated code reviews on business-critical components to identify and resolve complex security flaws that automated tools may miss.
- Develop and automate the vulnerability management lifecycle, from discovery and reporting to remediation tracking and verification.
- Build and scale custom tools for security monitoring, threat detection, and automated response to identify malicious activity in real-time.
- Secure our containerized infrastructure by implementing best practices for Docker and Kubernetes, including image scanning, network policies, and runtime security.
- Design, implement, and manage our Identity and Access Management (IAM) solutions, secrets management systems, and Privileged Access Management (PAM) controls.
- Research emerging threats, zero-day vulnerabilities, and cutting-edge security technologies to continuously evolve our defense strategies and capabilities.
- Serve as the go-to subject matter expert on application and cloud security, providing actionable guidance to development teams during all project phases.
- Develop and implement cryptographic solutions, including Public Key Infrastructure (PKI), data-at-rest encryption, and secure key management systems.
- Lead critical, cross-functional security engineering projects from initial conception and design through to successful implementation, deployment, and maintenance.
Secondary Functions
- Evaluate, prototype, and implement new commercial and open-source security technologies to augment our existing security stack.
- Develop and deliver engaging security training, workshops, and awareness programs to upskill the entire engineering organization.
- Participate in an on-call rotation to provide rapid response for urgent security incidents and critical operational issues.
- Support ad-hoc data requests and exploratory data analysis.
- Contribute to the organization's data strategy and roadmap.
- Collaborate with business units to translate data needs into engineering requirements.
- Participate in sprint planning and agile ceremonies within the data engineering team.
Required Skills & Competencies
Hard Skills (Technical)
- Strong proficiency in one or more high-level programming languages such as Python, Go, Java, or Rust, with a focus on building scalable and secure systems.
- Deep, practical knowledge of web application security flaws and mitigations, as outlined in frameworks like the OWASP Top 10.
- Extensive experience with cloud security architecture, services, and best practices in at least one major cloud provider (AWS, GCP, or Azure).
- Hands-on experience operating and integrating security tools into CI/CD pipelines (e.g., SonarQube, Veracode, Snyk, Checkmarx, Trivy).
- Solid understanding of container and orchestration security for technologies like Docker and Kubernetes.
- Expertise in infrastructure-as-code (IaC) and its security implications, using tools such as Terraform or CloudFormation.
- In-depth knowledge of network security fundamentals, including TCP/IP, DNS, TLS, firewalls, and network segmentation.
- Familiarity with modern identity and access management (IAM) protocols and standards (e.g., OAuth2, OIDC, SAML, WebAuthn).
- Practical understanding of applied cryptography, including PKI, encryption standards, and secure key management.
- Proven ability to script and automate security workflows and repetitive tasks.
Soft Skills
- Exceptional analytical and problem-solving skills, with the ability to think like an attacker.
- Excellent written and verbal communication skills, capable of explaining complex security concepts to diverse audiences.
- Strong collaboration and influencing skills to effectively partner with engineering teams and drive security initiatives.
- A proactive, self-motivated mindset with a passion for continuous learning and personal growth in the security field.
- Meticulous attention to detail and a strong sense of ownership for the security of our products.
Education & Experience
Educational Background
Minimum Education:
- Bachelor's degree in a relevant field or equivalent practical experience in software engineering and security.
Preferred Education:
- Master's degree in a relevant field or industry-recognized security certifications (e.g., OSCP, GWEB, GWAPT, CISSP).
Relevant Fields of Study:
- Computer Science
- Cybersecurity
- Software Engineering
- Information Systems
Experience Requirements
Typical Experience Range: 3-7+ years of experience in a hands-on technical role.
Preferred:
- Demonstrated experience in an Application Security (AppSec), Product Security, or Security Software Engineering role.
- A strong background in software development, with a proven track record of shipping production code.
- Experience building security solutions in a fast-paced, cloud-native technology company.