Senior Security Engineer

Description

Our Oakland client is seeking a hands-on Senior Application Security Engineer to bridge application security and development teams. This is an opportunity to drive foundational application security work, working directly with developers to ensure secure software delivery across the organization.

This is a contract role to start, and is 100% remote.

Key Responsibilities:

Bug Bounty / Ethical Hacker Program Management (Bugcrowd):

• Own daily management of our Bugcrowd program
• Review and triage incoming vulnerability findings
• Work with ethical hackers and engineers on issue resolution
• Explain vulnerabilities and provide clear remediation guidance-understand not just what's wrong, but how to fix it

Secure Software Development Lifecycle (Secure SDLC):

• Help design and mature our secure SDLC program (security is early in the journey here)
• Partner with developers to integrate security testing early in the process
• Perform and coordinate hands-on security testing prior to production releases
• Identify and remediate vulnerabilities before deployment

Code Scanning & Tooling (Snyk):

• Manage and interpret findings from Snyk across code repositories
• Review, validate, and prioritize vulnerabilities, supporting developers to distinguish real issues from false positives
• Provide actionable, clear guidance for remediations

Social Account Security Oversight:

• Oversee security for company social media and brand accounts
• Enforce MFA, SSO, and leverage Survey as a tool for access management

Requirements

Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

5+ years in application security, secure software development, and penetration testing.

Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.).

Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/DC pipelines for automated security testing.

Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.

Knowledge of cloud environments (AWS, Azure, Google Cloud Platform) and their security features.

Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

Additional Qualifications Preferred:

Industry certifications such as CSSLP, GWAPT, OSCP, or CEH

Experience with container security and CI/CD pipeline integration

Familiarity with regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS)

Prior experience working in agile, DevOps, or fast-paced development environments

Technology Doesn't Change the World, People Do.

Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.

Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app and get 1-tap apply, notifications of AI-matched jobs, and much more.

All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.

2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking "Apply Now," you're agreeing to Robert Half's Terms of Use and Privacy Notice.