Principal Security Engineer

  • BHO Tech
  • San Francisco, CA, USA
  • Feb 05, 2024
Full time Engineering

Job Description

As the Principal Security Engineer you will help create and maintain automated tooling, processes, and procedures that integrate into our SDLC process. To apply for the role, you should possess strong analytical, design, and problem diagnosis skills. You like thinking “outside the box”, are not afraid of ambiguity, get excited about difficult challenges, and are a motivated self-starter. You are a strong team player and thrive in a startup environment where flexibility is essential and delivering rock-solid, customer-focused solutions is paramount.

Job Responsibilities:

Develop custom software to help test, monitor and enforce security across our products and internal applications 
Manually test web applications in an attempt to exploit known vulnerabilities that would not be discovered through automated scans
Work closely with product engineering, data engineering and QA teams to integrate security testing and code review into the SDLC 
Perform audits on internal and open source libraries for inclusion in our products 
Help to validate, address, and document responses to security findings from third-party vulnerability and penetration testing 
Utilize data to help generate insights into potential threats, and use this information to architect solutions
Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems. 
Conduct periodic internal software security audits 
Review project technical designs and stay involved through their implementation to assist our product and data engineering staff with the finer points of application security 
Review implementation code of projects; identify security flaws, suggest and implement remediation tasks. 
Provide security guidance and experience to our product and data engineering teams 

Developed security tools in Python, Ruby, or Scala 
Static and Dynamic Analysis techniques experience (developing models or executing analysis tooling) 
Experience implementing complete solutions by integrating off-the-shelf and custom security tools 
Comprehension of the OWASP Top 10 and similar standard vulnerabilities 
Software engineering experience in production environments (Ruby on Rails experience is a plus)
Extensive knowledge of web application vulnerabilities and attack methods such as CSRF, XSS, SQL Injection, etc.
Knowledge of AWS security implementation guidelines 
Experience with Data Loss Prevention 
Good verbal and written communication skills


$130K – $190K and higher (DOE)
0.001% – 0.001%

Visa Sponsorship

Not available

Best Regards,
Kris Young
Account Manager
BHO Tech
San Jose, San Francisco CA
Phone: 866 816-1615 x 823