The primary focus of this role is to systematically reduce the company's attack surface by addressing high-priority security risks. Using Snyk as the primary scanning tool, this engineer will be responsible for identifying, prioritizing, and remediating dependencies with known exploitable vulnerabilities. The goal is a targeted reduction of risk, not a blanket "update-all" approach.

Role & Responsibilities :
The engineer will be responsible for the following :
Vulnerability Analysis : Analyze the results of Snyk scans of the company's codebases (Ruby, Go, Python, JavaScript).
Prioritization : Critically assess Snyk reports to distinguish between theoretical vulnerabilities and those that are genuinely exploitable within the context of the company's applications.
Targeted Remediation : Plan and execute targeted dependency upgrades or apply patches specifically to fix the prioritized exploitable vulnerabilities, ensuring minimal disruption to the system.
Code & Test Validation : Refactor code and update unit / integration tests as necessary to support the upgraded dependencies and validate the fixes.
Collaboration & Documentation : Work closely with internal security and engineering teams, participate in code reviews, and clearly document the rationale for each remediation.

Required Skills & Qualifications (Must-Haves) :
Candidates must have demonstrable, hands-on experience in the following areas :
Security Tooling : Proven professional experience using Snyk to identify, prioritize, and manage vulnerabilities in a production environment.
Candidates must be able to interpret Snyk's findings, including exploit maturity and reachability.
Languages : Strong professional experience with all of the following :
- Ruby (including Ruby on Rails)
- Go
- Python
- JavaScript
- TypeScript
Package Management : Deep expertise with the package manager and manifest format for each ecosystem (e.g., npm / Yarn and package.json, Go Modules, pip / Poetry, Bundler).
Version Control : Expert-level proficiency with Git.
Automated Testing : A strong commitment to quality with proven experience in writing comprehensive tests.

Preferred Qualifications (Nice-to-Haves) :
While not mandatory, preference will be given to candidates with experience in :
Other Security Tools : Familiarity with other SAST / SCA tools (e.g., GitHub Advanced Security, Checkmarx, Trivy).
CI / CD Integration : Experience integrating security tools like Snyk into CI / CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions).
Containerization : Experience with Docker and container orchestration (e.g., Kubernetes).
Benefits :
A fully remote position, allowing for work-life balance.
The opportunity to be a part of a mission-driven company that is committed to taking care of its employees.
Two weeks of paid vacation per year.
10 paid days for local holidays.
Work Schedule : US Eastern Time (ET)
Software Engineer • Campinas, São Paulo, Brasil