Senior Security Engineer
New York City or Remote
CLEAR
At CLEAR, we're always improving our technology, and our people are powering the movement. SAFETY Act Certified.CLEAR helps create safer, easier experiences everywhere you go. We believe you are you and by using your biometrics – your eyes, face, and fingerprints – we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues and more. Now with Health Pass, CLEAR securely connects a person’s digital identity to multiple layers of COVID-related insights to help reduce public health risk and restore peace of mind.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the third year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 7+ million members to help create a safer environment no matter where you go.
We’re looking for an outstanding and passionate Senior Security Engineer. Successful candidates will be strong software developers and architects with an eye toward security and the ability to become evangelists and leaders.In this role, your primary focus will be ensuring and maintaining our high standards of security, specifically with regards to member data.
CLEAR is a fast and nimble company, so the ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. This role is hands on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls
What You Will Do:
- Partner with the company’s Software Engineering, DevOps, and IT teams.
- Perform security risk assessments, threat modeling, security testing, and code review
- Automate security testing, code tools and pipelines, and create secure libraries and code launchpads to be used throughout the company
- Work side by side with and educate developers on security best practices.
- Lead internal and external penetration tests and code security audits
- Triage issues with internal stakeholders for remediation.
- Establish security standards and specifications to balance the needs of a more secure product offering with the needs of the business.
- Help develop and enable a secure by default culture
Who You Are:
- 5+ years of experience in software development with interest or experience in security/secure coding
- Ability to architect and design software applications
- Has excellent interpersonal communication skills and can take very technical issues and make them understandable to all audiences.
- Personal passion for security and cutting edge security concepts.
Required Skills:
- Experience coding web applications and web services.
- Proficient in reading many different programming languages.
- Experience writing in one or more of the following programming languages: C/C++, Java, Ruby, Python, and JavaScript.
- Able to evaluate, deploy, and manage software tools and build strong vendor relationships.
- Experience with a public cloud based provider (AWS Azure, or GCP)
- Knowledge of containers (e.g Kubernetes, Docker, ECS).
- Experience integrating with continuous integration tools and pipelines
- Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details to business leaders.
- Experience leading teams or projects or have functioned as a software development lead
Desirable Skills:
- Understanding of and/or experience with OWASP Top 10
- Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.
- Background in application security including knowledge of internet security issues and threat landscape
Bonus Points:
- Experience with mobile platform-specific security, privacy, and permission concepts for iOS & Android mobile platforms. (Intricate understanding of WebViews, TouchID API, Frida, Radare, etc.).
- Knowledge of TCP/IP, HTTP, RESTful APIs and experience supporting service-oriented, asynchronous, and distributed application architectures.
- Familiarity with one or more industry standards and regulations such as PCI, HIPAA, NIST 800-53, FedRAMP and ISO27001.
- Participates in CTFs or actively contributes to the security community through exploitation development.
Tags: Android APIs Application security Audits Automation AWS Azure C C++ Cloud DevOps Docker FedRAMP GCP HIPAA iOS ISO 27001 Java JavaScript Kubernetes NIST OWASP Privacy Python Ruby Security assessment Security Assessment Report TCP/IP
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs