SecOps Engineer

Job Description

Job Title: SecOps Engineer

Job Type: Contractor

Location: Remote

Job Summary:

Join our customer's team as a SecOps Engineer, where you'll play a pivotal role in securing complex applications and infrastructure. This expert-level position focuses on vulnerability detection, secure code review, and proactive remediation, ensuring robust defenses against evolving threats. Collaborate remotely with like-minded professionals, leveraging your technical and communication skills in a dynamic, security-driven environment.

Key Responsibilities:

1. Perform expert-level secure code reviews with a focus on OWASP Top 10 and CWE vulnerability classes.
2. Identify, triage, and remediate application-layer vulnerabilities, including broken access control, IDOR, SQL injection, command injection, and deserialization flaws.
3. Develop and maintain security automation tools using Python, GoLang, or JavaScript/TypeScript to streamline vulnerability detection and remediation processes.
4. Conduct and document penetration tests, collaborating cross-functionally to drive remediation initiatives.
5. Advise development teams on secure coding practices, bringing a proactive security mindset into the software lifecycle.
6. Stay informed of emerging threats and incorporate best practices within the customer's environments.
7. Communicate effectively through detailed written reports and verbal briefings, ensuring security findings are clearly understood and actionable.

Required Skills and Qualifications:

1. 5+ years of hands-on experience in software engineering or security operations with a focus on application-layer security.
2. Proficiency in Python, GoLang, Rust, JavaScript, or TypeScript.
3. Demonstrated expertise in secure code review and professional penetration testing.
4. Strong familiarity with OWASP Top 10, CWE, and modern vulnerability classes.
5. Proven ability to detect, prioritize, and remediate vulnerabilities in production applications.
6. Exceptional written and verbal communication skills, with a strong emphasis on clarity and detail.
7. Fluent English and availability for at least 6+ hours overlap with Eastern Time.

Preferred Qualifications:

1. Experience deploying, integrating, or maintaining vulnerability management platforms.
2. Certifications such as OSCP, GIAC, or equivalent are advantageous.
3. Background in cloud or container security practices.