|
Senior Software Security Engineer
About the Role
We are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern microservices-based payment platforms deployed on Amazon Web Services.
You will act as a trusted advisor and technical authority, embedding security by design, driving DevSecOps maturity, and ensuring our software development practices consistently meet the highest standards of security, compliance, and operational excellence.
Your Mission
As a Software Security Engineer, you will:
- Define and continuously evolve the company-wide SSDLC security framework, policies, and governance.
- Influence architecture and design decisions across product teams to ensure security is a core design principle.
- Lead initiatives for security tooling, automation, and vulnerability management.
- Enable and mentor engineering teams to adopt secure coding, perform code reviews, apply threat modeling, and embrace risk-driven design.
- Ensure alignment with the NIST Secure Software Development Framework (SSDF) and with PCI Secure Software Standard / PCI Secure SLC certification requirements.
Key Responsibilities
Secure SDLC Governance & Strategy
- Establish and enforce a global SSDLC framework and secure development policies.
- Conduct risk assessments, threat modeling, and architecture security reviews.
- Drive secure design and implementation practices with developers. Ensure secure configuration baselines and hardening standards are defined and applied.
- Ensure vulnerabilities are detected and mitigated via manual reviews and automated tools (SAST, DAST, SCA, etc.)
- Guide the remediation of security incidents and root cause analysis
- Provide support for application-level security issues and audit follow-ups
- Run and/or supervise Pentests
DevSecOps & Security Automation
- Define the roadmap and architecture for AppSec tooling (Checkmarx, SAST, DAST, SCA, container scanning, secrets detection…).
- Oversee the integration of security controls and gates into CI/CD pipelines.
- Standardize security guardrails for APIs, Kubernetes, containers, Microservices and cloud-native environments (AWS..)
- Establish metrics and dashboards to measure DevSecOps maturity.
Vulnerability & Compliance Management
- Oversee vulnerability lifecycle management and coordinate enterprise-wide remediation plans.
- Lead and support external audits and certification cycles (PCI Secure Software Standard, PCI Secure SLC).
- Provide security KPIs and risk reports to senior stakeholders and governance committees.
Training, Advocacy & Culture
- Promote secure coding best practices and continuous learning
- Design and deliver training programs on secure architecture, code review, threat Modeling and DevSecOps.
- Mentor security champions and influence technical leaders across the organization.
Required Profile
Education
- Master’s degree in Computer Science, Software Engineering, or Cybersecurity.
Experience
- 5 to 8 years of experience in Application Security, DevSecOps, or SDLC Security.
- Proven track record leading application security initiatives in complex or regulated environments.
- Experience securing hybrid architectures (legacy + microservices on Amazon Web Services).
- Strong stakeholder management and cross-team leadership skills.
Technical Skills
- In-depth knowledge of secure coding and architecture practices based on the NIST Secure Software Development Framework (SSDF), OWASP Top 10, OWASP ASVS, STRIDE…
- Hands-on expertise with AppSec tools (SAST, SCA, DAST, container scanning) and their integration in CI/CD.
- Proficiency in securing infrastructure and workloads on Amazon Web Services (IAM, KMS, VPCs, security groups, observability stacks, etc.).
- Familiarity with Kubernetes security concepts (RBAC, network policies, secrets management).
Development experience in Java, Spring and Angular is a plus.
REQUIRED SKILLS
Skill Levels
1 – Beginner | 2 – Intermediate | 3 – Proficient | 4 – Expert
TECHNICAL SKILLS
|
Technical Area
|
Level
|
|
Java, Spring
|
4
|
|
DevSecOps
|
4
|
|
Software Development Framework (SSDF)
Any one (OWASP Top 10/ OWASP ASVS/ STRIDE)
|
4
|
|
NIST Secure
|
3
|
|
AppSec tools, any one (SAST/ SCA/ DAST/ container scanning)
|
4
|
|
CI/CD
|
3
|
|
Amazon Web Services
|
2
|
|
Kubernetes security
|
2
|
Knowledge & Expertise
|
Knowledge Area
|
Level
|
|
Cards & Payments (Good to have, not mandatory)
|
2
|
|
ISTQB certification (Mandatory)
|
4
|
PROFILE REQUIREMENTS
- Education: Master’s degree (Engineering, Computer Science, Information Systems, or equivalent)
|