Security Engineer

Remote • Posted 13 hours ago • Updated 1 hour ago
Full Time
Remote
Fitment

Dice Job Match Score™

📊 Calculating match score...

Job Details

Skills

  • Accounting
  • SaaS
  • Payments
  • Analytics
  • Customer Experience
  • Software Development
  • Enterprise Software
  • Web Applications
  • API QA
  • Data Flow
  • Risk Assessment
  • Amazon EC2
  • Remote Desktop Services
  • Amazon RDS
  • Amazon CloudFront
  • WAF
  • Amazon Route 53
  • Supply Chain Management
  • Dashboard
  • Splunk
  • Microsoft
  • DevOps
  • Management
  • Amazon SageMaker
  • Data Security
  • Mentorship
  • Software Security
  • Security Engineering
  • Software Development Methodology
  • Code Review
  • API
  • Web Testing
  • Microservices
  • Authentication
  • Authorization
  • OAuth
  • OIDC
  • SAML
  • Access Control
  • Virtual Private Cloud
  • Computer Networking
  • Encryption
  • Amazon S3
  • Hardening
  • Terraform
  • YAML
  • Bitbucket
  • Jenkins
  • Emulation
  • Mapping
  • SPL
  • SQL
  • Apache Lucene
  • Scripting
  • Bash
  • Windows PowerShell
  • Security QA
  • Kubernetes
  • RBAC
  • Network
  • Python
  • JavaScript
  • TypeScript
  • Java
  • Kotlin
  • C#
  • Communication
  • Leadership
  • Machine Learning (ML)
  • Testing
  • Evaluation
  • Threat Modeling
  • Data-flow Diagrams
  • Cloud Security
  • Burp Suite
  • OWASP
  • Fortify
  • Cloud Computing
  • Continuous Integration
  • Continuous Delivery
  • ATLAS
  • ISO/IEC 27001:2005
  • System On A Chip
  • PCI DSS
  • Penetration Testing
  • OSCP
  • CISSP
  • Embedded Systems
  • Development Testing
  • Workflow
  • SCA
  • Partnership
  • Collaboration
  • SIEM
  • Amazon Web Services
  • Security Controls
  • Vulnerability Management
  • Artificial Intelligence

Summary

Security Engineer

Location: Worldwide (Remote-first / Hybrid optional)

Reports to: Principal Engineer, Platform

About CINC Systems

CINC Systems is the leading provider of accounting and management software for the community association management industry. Our platform powers tens of thousands of associations and millions of homes through secure, reliable, and increasingly intelligent software systems.

We are evolving our platform into an AI enabled ecosystem that combines modern SaaS architecture, operational workflows, communications, payments, analytics, and automation into a unified customer experience. This transformation requires engineers who are equally comfortable designing enterprise systems, working directly with business workflows, and leveraging AI to accelerate software development and product capabilities.

The systems we build are increasingly interconnected and AI enabled. Success in this environment requires more than coding ability alone. It requires judgment, systems thinking, customer understanding, and the ability to integrate modern AI capabilities into practical enterprise software.

Role Overview

We are looking for a highly technical Security Engineer with deep experience across application security, AWS cloud security, offensive security, secure SDLC, threat modeling and AI security. This role is suited for someone who can operate at both the engineering and adversarial levels by reviewing architecture, testing applications, identifying exploitable weaknesses, automating security workflows, securing AWS infrastructure and helping product teams build resilient systems.

The ideal candidate has hands-on experience with SAST, DAST, SCA, manual application security testing, AWS security reviews, red teaming, SIEM-driven detection workflows, infrastructure-as-code security and security automation. They should be comfortable working directly with engineering teams while also thinking like an attacker to uncover realistic abuse paths across applications, APIs, AWS services, CI/CD pipelines and AI-enabled systems.

Key Responsibilities
  • Lead security reviews for web applications, APIs, microservices, AWS workloads, internal platforms and AI-enabled products.
  • Perform advanced application security testing using SAST, DAST, SCA, manual code review, API testing and business logic testing.
  • Identify vulnerabilities across authentication, authorization, session management, access control, injection, SSRF, deserialization, insecure file handling, data exposure and insecure API design.
  • Conduct threat modeling for new products, critical features, AWS architectures, AI workflows, identity systems and high-risk data flows.
  • Build and improve secure SDLC processes, including security requirements, code scanning, dependency review, CI/CD security gates and release risk assessments.
  • Review infrastructure-as-code templates such as Terraform, CloudFormation, AWS CDK, Helm charts and Kubernetes manifests for security misconfigurations.
  • Assess AWS environments for IAM weaknesses, exposed services, insecure networking, public S3 buckets, secrets leakage, logging gaps, encryption issues, workload risks and privilege escalation paths.
  • Review AWS IAM policies, roles, trust relationships, permission boundaries, service control policies, identity federation and cross-account access patterns.
  • Assess AWS services such as EC2, S3, Lambda, ECS, EKS, RDS, API Gateway, CloudFront, WAF, KMS, Secrets Manager, Systems Manager, ECR, VPC, Route 53 and IAM Identity Center.
  • Conduct red team exercises, adversary simulations, attack path analysis and controlled exploitation to validate real-world risk.
  • Develop proof-of-concept exploits, custom scripts and automation to reproduce vulnerabilities and demonstrate business impact.
  • Evaluate containerized and Kubernetes environments, including EKS, for workload isolation, RBAC issues, exposed services, image risks, secrets handling and runtime security gaps.
  • Assess CI/CD pipelines for insecure workflows, overprivileged tokens, secrets exposure, supply chain risks, artifact integrity and deployment abuse paths.
  • Perform software composition analysis to identify vulnerable dependencies, license risks, malicious packages, transitive dependency exposure and supply chain weaknesses.
  • Use SIEM and security telemetry to support investigations, validate attack paths, improve detections and measure control effectiveness.
  • Build detection logic, threat hunting queries, dashboards and alerting workflows using SIEM platforms such as Splunk, Microsoft Sentinel, Elastic, Chronicle or AWS-native telemetry.
  • Use AWS security services such as GuardDuty, Security Hub, CloudTrail, AWS Config, Inspector, Detective, Macie, IAM Access Analyzer, Security Lake and CloudWatch to improve visibility and detection coverage.
  • Automate security workflows using Python, Bash, PowerShell, Go or similar scripting languages.
  • Develop threat automation for vulnerability enrichment, alert triage, AWS posture checks, attack simulation, evidence collection and remediation tracking.
  • Partner with DevOps and platform teams to improve secrets management, identity controls, network segmentation, logging, monitoring and secure deployment patterns.
  • Assess AI and LLM-based systems for risks such as prompt injection, indirect prompt injection, data leakage, insecure tool use, excessive agency, jailbreaks, model abuse, retrieval poisoning and unsafe agent behavior.
  • Review AI workloads using AWS services such as Amazon Bedrock, SageMaker, Lambda, API Gateway, S3, KMS and IAM for secure design, data protection and access control.
  • Produce clear technical reports with evidence, exploitability, impact, likelihood, risk rating and actionable remediation guidance.
  • Mentor engineers and security team members on secure coding, AWS security, offensive testing, threat modeling and AI security risks.

Required Qualifications
  • Strong hands-on experience in application security, product security, AWS cloud security, offensive security or security engineering.
  • Deep understanding of secure SDLC practices and experience embedding security into engineering workflows.
  • Practical experience with SAST, DAST, SCA, manual penetration testing, code review and vulnerability validation.
  • Strong knowledge of OWASP Top 10, OWASP API Security Top 10, OWASP ASVS, common CWE classes and real-world application attack techniques.
  • Experience testing web applications, APIs, microservices, cloud services, containers and distributed systems.
  • Strong understanding of authentication, authorization, identity federation, OAuth, OIDC, SAML, JWT, session security and access control design.
  • Hands-on experience securing AWS environments in production.
  • Strong knowledge of AWS IAM, VPC networking, encryption, KMS, Secrets Manager, S3 security, CloudTrail, GuardDuty, Security Hub, AWS Config and workload hardening.
  • Experience reviewing infrastructure-as-code and identifying security issues in Terraform, CloudFormation, AWS CDK, Kubernetes YAML, Helm, Dockerfiles or similar technologies.
  • Experience with CI/CD security across tools such as bitbucket pipelines, Jenkins, AWS CodePipeline, or similar platforms.
  • Experience with red teaming, adversary emulation, penetration testing, exploit development, attack path mapping or offensive security assessments.
  • Familiarity with SIEM platforms and the ability to write detection or hunting queries using SPL, KQL, SQL, Lucene, YARA, Sigma or similar languages.
  • Strong scripting ability in Python, Bash, PowerShell, JavaScript or similar languages.
  • Ability to automate repetitive security tasks and build internal tools that improve security testing, visibility and response.
  • Familiarity with container and Kubernetes security, including ECS,EKS, RBAC, admission controls, image scanning, runtime controls, network policies and secrets handling.
  • Ability to review code in languages such as Python, JavaScript, TypeScript, Java, Go, Kotlin, C# or similar.
  • Strong written and verbal communication skills, with the ability to explain complex technical risks to engineering and leadership teams.

Preferred Qualifications
  • Experience securing AI-enabled applications, LLM products, autonomous agents, RAG pipelines, AI plugins or ML infrastructure.
  • Experience performing AI red teaming, prompt injection testing, jailbreak testing, model abuse testing or evaluation of agentic workflows.
  • Experience with AWS Organizations, Control Tower, service control policies, multi-account security patterns and centralized logging.
  • Experience with threat modeling methodologies such as STRIDE, PASTA, attack trees, abuse cases, data flow diagrams or architecture risk reviews.
  • Experience with security automation, SOAR workflows, detection-as-code, policy-as-code or cloud security posture automation.
  • Experience with tools such as Burp Suite Pro, OWASP ZAP, Semgrep, CodeQL, Checkmarx, Fortify, Veracode, Snyk, Dependabot, Trivy, Grype, Syft, Gitleaks, Checkov, tfsec, Prowler, ScoutSuite, Wiz, Prisma Cloud or similar.
  • Experience building custom security tooling, scanners, exploit harnesses, detection rules, cloud guardrails or CI/CD security integrations.
  • Experience with MITRE ATT&CK, MITRE ATLAS, CIS Benchmarks, AWS Well-Architected Security Pillar, NIST, ISO 27001, SOC 2, PCI DSS or similar frameworks.
  • Experience with bug bounty programs, coordinated vulnerability disclosure, internal red team programs or external penetration testing engagements.
  • Relevant certifications such as OSCP, OSWE, OSEP, GWAPT, AWS Certified Security Specialty, AWS Solutions Architect, CISSP or equivalent practical experience.

What Success Looks Like
  • Security is embedded into design, development, testing and deployment workflows.
  • SAST, DAST, SCA, secrets scanning, IaC scanning and AWS posture checks are implemented with practical tuning and low operational noise.
  • High-risk application and AWS vulnerabilities are identified early, validated accurately and remediated with engineering partnership.
  • Threat models are used to influence architecture decisions before systems reach production.
  • Red team findings translate into improved controls, stronger detections and reduced attack paths.
  • SIEM, AWS logs and security telemetry are used to validate security controls and detect realistic abuse scenarios.
  • Security automation reduces manual review effort and accelerates vulnerability management, investigation and remediation.
  • AI-enabled systems are reviewed for emerging threats before they are released or scaled.
  • Engineering teams view security as a technical partner that helps them ship resilient products.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 80183947
  • Position Id: 968619008620cb6aab486e85d6c34c6f
  • Posted 13 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Remote or Kansas City, Missouri

Today

Full-time

USD 80,000.00 - 150,000.00 per year

Remote

3d ago

Easy Apply

Contract

Depends on Experience

Remote

Today

Full-time

USD 131,250.00 - 235,156.00 per year

Remote or Texas

Today

Full-time

depends on experience

Search all similar jobs