Senior DevSecOps / Security Engineer – Application & Cloud (Ecommerce)

RESPONSIBILITIES

WHAT YOU NEED

•  Injection (SQL/NoSQL), XSS, CSRF 
•  Broken authentication / session management 
•  Business logic flaws (checkout, pricing, promotions, abuse scenarios) 
•  Account takeover, credential stuffing, bot attacks 

• SAST (Java-focused), DAST, SCA (dependencies), secrets scanning

• IAM roles and least privilege access 
• Network segmentation (VPCs, security groups, private/public boundaries) 
• Secrets management (AWS Secrets Manager, Parameter Store) 
• Data protection (encryption at rest/in transit) 

• Web/app-layer attacks 
• API abuse 

• Pen tests 
• Purple team exercises 
• Assumed breach scenarios 

WHAT WE OFFER

• Competitive compensation
• 100% company-paid medical, dental, and vision insurance coverage for employees
• Company-paid short- and long-term disability insurance
• Company- paid life insurance
• 401k plan with employer matching contributions up to 4%
• Gym membership reimbursement
• Monthly allowance of Thorne supplements
• Paid time off, volunteer time off and holiday leave
• Training, professional development, and career growth opportunities