Principal Security Engineer

Work set-up: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • Minimum of 6 years of experience in Software Development or IT.
  • Extensive experience with web application security testing tools like OWASP ZAP and Burp Suite.
  • Proficiency with SIEM platforms and cloud security principles, especially AWS.
  • Strong background in secure SDLC, security architecture, and implementing security controls.

Key responsibilities:

  • Design, maintain, and develop cloud security technologies.
  • Collaborate with DevOps and engineering teams to implement security controls.
  • Lead the development of a SecDevOps program and promote security best practices.
  • Monitor and respond to security threats and vulnerabilities.

Consensus Cloud Solutions SME https://www.consensus.com/
501 - 1000 Employees

Job description

Consensus Cloud Solutions is a publicly traded, leading digital cloud fax and interoperability solutions organization in the United States and globally, focusing on connecting and empowering healthcare providers, payers, care teams, and technology innovators to unify multiple systems that wouldn’t otherwise talk to each other. Consensus is a trailblazer in our industry and believes that data transformation will reshape the world of healthcare.

Founded over 25 years ago, Consensus leverages its technology heritage to move from simple digital documents to advanced healthcare standards (HL7/FHIR) for secure data transport, as well as Natural Language Processing (NLP) and Artificial Intelligence (AI) to convert unstructured to structured, analytics-ready data, helping users unveil information that is meaningful and actionable for better patient care.  

Consensus leads the industry in data exchange solutions and we’re only getting started! With exciting new initiatives on the horizon, we are continuing our strategic expansion and we are looking to add to our diverse team of innovators. 

Now is the ideal time to join us in our mission to solve healthcare’s biggest challenges, and work collaboratively with a diverse team of like-minded self-starters and partners to accomplish it. 

Consensus Cloud Solutions is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive and equitable environment for all employees. We offer many remote and hybrid career opportunities.

How you will impact the organization…

Consensus is looking for a Principal Security Engineer to join our expanding Security Team. This position is responsible for designing, maintaining, and developing cutting-edge cloud security technologies for the organization, ensuring high security assurance and protecting Consensus and customer data. The Principal Security Engineer will serve as a cloud security technical expert, collaborating with DevOps and Software Engineers to design and implement comprehensive cloud security controls that meet our security policies and procedures. This includes creating and implementing secure CI/CD, static, and dynamic code analysis automation to enhance and maintain the security of our application code, infrastructure-as-code, containerized services, serverless workloads, hybrid cloud environments, and the software development lifecycle.

 

The value you will deliver…

  • Develop a SecDevOps program based on OWASP SecDevOps Guidelines and lead an internal working group that facilitates cross-functional collaboration on SecDevOps. 
  • Implement a secure pipeline, adopt best practices, and introduce tools for this purpose. Promote a shift-left security culture in our development process.
  • Evaluate, select, implement, and operationalize secrets scanning, SAST, SCA, and DAST tooling.
  • Review security tooling findings to fine-tune scanning thresholds, identify true positive vulnerabilities, and build workflows to help software developers and network engineers pinpoint issues in the development lifecycle.
  • Track vulnerabilities to resolution and provide technical support to cross-functional teams to help prioritize remediation efforts and ensure that vulnerabilities have been fully remediated. 
  • Customize ticketing workflows to maximize efficiencies and identify opportunities for improvements in tooling. 
  • Provide guidance and expertise to GRC, development, and IT teams on designing and implementing secure architecture, including network, cloud, application, and infrastructure, in order to help make informed decisions about technology and architecture choices that prioritize security.
  • Leverage both AWS-native security tools and third-party solutions to protect hybrid cloud environments.
  • Lead architectural review and design of enterprise-scale security frameworks and platforms to further enhance secure development across all platform services.
  • Ensure compliance within the frameworks of NIST, CIS, CSA, PCI, HITRUST, and ISO 27001.
  • Own monitoring, detecting, and responding to potential threats, drift, or anomalies of the company security posture.
  • Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.

 

What you will bring to the table…

  • 6+ years of experience in Software Development or Information Technology.    
  • 6+ years of experience with manual web application testing by proxy tools such as OWASP ZAP and Burp Suite.    
  • 6+ years of experience with SIEM platforms.    
  • 4+ years of experience in Web or Mobile application security testing.    
  • 3+ years of experience in Secure SDLC (Software Development Life Cycle).    
  • 3+ years of experience with AWS cloud technologies.
  • Expert in SecDevOps tooling such as Git Hound, SonarQube, Snyk, Brakeman, Semgrep, Ansible, Puppet, Terrascan, JFrog Xray, Burp Suite, Nessus, Nuclei, Synopsys Black Duck, Clair, and Anchore.
  • Expert in reviewing custom and open source code for security vulnerabilities and providing remediation guidance to software developers and cloud infrastructure engineers.   
  • Proficiency in designing and implementing application code secrets scanning, static and dynamic scanning, and software composition analysis.    
  • Expertise in securing software applications, including secure coding practices, web application firewalls, and secure development life cycle (SDLC) processes.    
  • Understanding of cloud security principles, including configuring and securing cloud environments, and familiarity with major cloud service providers (e.g., AWS, Azure, Google Cloud).    
  • Knowledge of security architecture principles and the ability to design and implement security solutions for complex infrastructures.    
  • Skill in managing user identities, access controls, and authentication mechanisms.    
  • Understanding of encryption techniques and protocols, including data encryption at rest and in transit.    
  • Skill in analyzing network traffic and packets to detect and respond to security threats.    
  • Understanding security policies, standards, and regulatory compliance requirements (e.g., HIPAA, HITRUST, and PCI DSS).    
  • Knowledge of securing various operating systems, including Windows, Linux, and Unix.    
  • Expertise in database security, including access controls, encryption, and best practices.
  • Ability to contribute to a comprehensive security strategy that aligns with organizational goals and addresses emerging threats.    
  • Proficiency in integrating security practices and principles into the SDLC and product design process.    
  • Skill in designing and implementing secure architecture for networks, systems, and applications.    
  • Experience in security monitoring, incident response, and vulnerability management.    
  • Knowledge of security practices that align with industry standards and regulatory requirements.    
  • Ability to identify, assess, and prioritize security risks and implement mitigation strategies.    
  • Experience in conducting or participating in penetration testing, code reviews, and security assessments.    
  • Skill in responding to security incidents, including investigation, containment, and recovery.    
  • Familiarity with security tools and technologies to enhance security posture.    
  • Experience in security auditing and reporting.    
  • Ability to stay informed about emerging cybersecurity threats and incorporate threat intelligence into security strategies.    
  • Strong technical understanding of cybersecurity technologies, protocols, and trends.

 

You will stand out if you also have…

  • Bachelor's degree in computer science, information technology, cybersecurity, or equivalent experience.    
  • A master's degree may be preferred.    
  • Typically 5+ years of experience in cybersecurity and information security roles.    
  • Proven experience in security architecture, security operations, and integrating security into software development processes.    
  • Proficiency in various cybersecurity technologies and tools, including network security, application security, cloud security, and encryption.    
  • Hands-on experience with security assessment and penetration testing tools.    
  • Familiarity with security information and event management (SIEM) systems.    
  • Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure, and GCP.
  • Active, transferable U.S. Security clearance at the Public Trust level or higher preferred.

 

Additional details…

  • Location requirements: Fully remote within the U.S. (Los Angeles or Las Vegas preferred.)
  • Travel requirements: Up to 10% travel. We will also indicate whether that travel will be international or solely domestic and whether or not they need a reliable source of transportation, valid driver’s license, etc.
  • Physical requirements: Must be able to sit for long periods, as well as handle long periods of screen time.
  • Technology requirements: Reliable, high-speed internet
  • Eligible for sponsorship: No
  • Security clearance: Ability to achieve and maintain a security clearance with the U.S. Government is required
     

 

The salary range for this role is $145,000-$155,000 USD annually. The total compensation package for this position is negotiable and may also include an annual performance bonus, ESPP, enhanced time off packages, and benefits. This job doesn't have an expiration date and will remain open until a qualified candidate is hired.

We are not accepting agency submissions for this role.

To learn more about us visit consensus.com

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English

Other Skills

  • Security Policies
  • Time Management
  • Teamwork
  • Communication
  • Problem Solving
