Security Software Engineer

*Native/Bilingual English is required for this role (read/written/spoken)

Please upload your CV Resume in English.

Monthly salary: $6,000 USD

Along with our partner, we are seeking a security-conscious contract Senior level Software Engineer to help enhance the security posture of their applications. The primary focus of this role is to systematically reduce their attack surface by addressing high-priority security risks. Using Snyk as the primary scanning tool, this engineer will be responsible for identifying, prioritizing, and remediating dependencies with known exploitable vulnerabilities. The goal is a targeted reduction of risk, not a simple "update-all" approach.

Role & Responsibilities:

The engineer will be responsible for the following:

• Vulnerability Analysis: Analyze the results of Snyk scans of their codebases (Ruby, Go, Python, JavaScript).
• Prioritization: Critically assess Snyk reports to distinguish between theoretical vulnerabilities and those that are genuinely exploitable within the context of their applications.
• Targeted Remediation: Plan and execute targeted dependency upgrades or apply patches specifically to fix the prioritized exploitable vulnerabilities, ensuring minimal disruption to the system.
• Code & Test Validation: Refactor code and update unit/integration tests as necessary to support the upgraded dependencies and validate the fixes.
• Collaboration & Documentation: Work closely with internal security and engineering teams, participate in code reviews, and clearly document the rationale for each remediation.

Required Skills & Qualifications (Must-Haves):

Candidates must have demonstrable, hands-on experience in the following areas:

• Security Tooling: Proven professional experience using Snyk to identify, prioritize, and manage vulnerabilities in a production environment. Candidate must be able to interpret Snyk's findings, including exploit maturity and reachability.
• Strong professional experience with all of the following languages:

○ Ruby (including Ruby on Rails)

○ Go

○ Python

○ JavaScript

○ TypeScript

• Deep expertise with package managers for each ecosystem (e.g., package.json, Go Modules, Pip/Poetry, NPM/Yarn).
• Version Control: Expert-level proficiency with Git.
• Automated Testing: A strong commitment to quality with proven experience in writing comprehensive tests.

Preferred Qualifications (Nice-to-Haves):

While not mandatory, preference will be given to candidates with experience in:

• Other Security Tools: Familiarity with other SAST/SCA tools (e.g., GitHub Advanced Security, Checkmarx, Trivy).
• CI/CD Integration: Experience integrating security tools like Snyk into CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions).
• Containerization: Experience with Docker and container orchestration (e.g., Kubernetes).

Benefits:

• A fully remote position, allowing for work-life balance.
• The opportunity to be a part of a mission-driven company that is committed to taking care of its employees.
• Two weeks of paid vacation per year
• 10 paid days for local holidays

Work Schedule: US Eastern Standard Time

*Please note this role is currently for a 3-month project with the potential for a long-term position.