As a Security Engineer at Brale, you will work within an experienced, security-focused engineering team to help bolster existing defenses and use your industry experience to identify and reinforce weaknesses in applications, systems, and processes.
You enjoy threat modeling, designing security protocols, discovering vulnerabilities in software systems, and working closely with the team to document and resolve known issues. Staying up to date on the latest threats and trends enables you to evolve the company's security posture.
Your background in cryptography and secure coding will help Brale protect both on and off-chain assets by defining and building systems that leverage multi-party authorization and follow sound processes. (Bonus points if you have previously worked with blockchain technologies!)
As a security engineer at a small startup, you will need to wear a lot of hats.
Your responsibilities will include:
- Maintain threat models and other security-related system documentation.
- Coordinate penetration testing with independent test team and triage and drive resolution of any identified issues.
- Perform white-box security testing of security-critical features.
- Participate in the design process for application features and AWS platform infrastructure by defining security requirements and reviewing designs to ensure requirements are met and best practices are followed.
- Participate in the design and implementation of controls for regulatory and standards compliance.
- Define internal best practices for secure development and data handling, including key material management.
- Identify SIEM tooling needs and help select suitable solutions for our scale and budget.
- Maintain the security incident response plan and lead incident response in case of a security event.
- Understand the threat environment and establish and maintain monitoring for endpoints and application systems.
- Share knowledge with other engineering roles to improve overall understanding of security topics.
Qualifications:
- Five or more years experience in a security engineering or related role
- Proven experience with a wide variety of different of aspects of security engineering, including network security, incident response, threat modeling, and identity and access management.
- Ability to identify and lead initiatives to improve information security without direct oversight.
- Strong communication skills for communicating with both technical and non-technical audiences in a remote environment.
