Senior Security Engineer

About the Job

Responsibilities

• Lead and develop security strategies for infrastructure, application, and cloud security.
• Architect and implement security frameworks for other engineers to follow.
• Secure cloud infrastructure (Google Cloud Platform) and containerized environments (Docker).
• Improve CI/CD security, integrating SAST, DAST, and security automation.
• Conduct threat modeling, risk assessments, and penetration testing.
• Ensure secure software development practices, performing security code reviews.
• Oversee vulnerability management, incident response, and security monitoring.
• Manage a team of 2-8 security engineers, providing technical mentorship and oversight.
• Establish security policies, best practices, and compliance standards (HIPAA, SOC-2, PCI-DSS).
• Collaborate daily with product teams to integrate security into architecture and implementation.
• Work autonomously, making strategic security decisions while reporting to the CTO.

Preferred Qualifications

• 8+ years of relevant experience in security engineering.
• Experience leading security teams and mentoring engineers.
• Background in fintech or other highly regulated industries.
• Familiarity with DevSecOps principles and secure software development lifecycle (SSDLC).
• Experience with security orchestration and automation tools.
• Cloud Security: Strong expertise in Google Cloud Platform (GCP).
• Container Security: Experience securing Docker environments.
• Software Development: Hands-on programming experience across multiple languages such as DotNet, Node.js, Python, Go, and Rust (preferred).
• Security Automation & Tooling: Ability to develop security frameworks and automate security processes.
• Application Security: SAST, DAST, and manual penetration testing.
• Threat Modeling & Risk Assessments: Proficiency in identifying and mitigating security threats.
• Compliance & Regulations: Experience with HIPAA, SOC-2 (required) and PCI-DSS (preferred).

Minimum Qualifications

• 5+ years of hands-on security engineering experience.
• Strong expertise in GCP & Docker security.
• Proven programming experience in multiple languages (e.g., Node.js, Python, Go, DotNet).
• Hands-on experience with security assessments, penetration testing, and vulnerability management.
• Knowledge of compliance frameworks such as HIPAA and SOC-2.

Our Tech Stack

• Frontend: React, Typescript, Next.js
• Backend: Node.js, Laravel, Python
• Database: PostgreSQL
• AI/ML: TensorFlow
• Cloud/Hosting: Google Cloud, Vercel, Laravel Forge, Envoyer

Why Join Prahsys?

Perks & Benefits

• Remote-first work environment
• Competitive compensation package
• Top-tier health, dental & vision coverage
• Company-issued equipment
• Home office & equipment stipend
• Paid vacations with the Prahsys team
• Unlimited PTO