Cyber Security Engineer

Job Title: Staff Cyber Security Engineer

Location: Dallas, TX -- Onsite role (five days a week)

Job Description:

• As a Staff Cyber Security Engineer, you will collaborate closely with the Engineering Organization, IT, Information Security, Software Engineers, and our DevOps departments.
• Your team will ensure our embedded platforms, back-end and front-end services, cloud infrastructure, DevOps pipelines, data pipelines, and software are secured in the most efficient manner.
• You will work to develop new systems and procedures to counteract threat vectors that arise within our cloud and embedded environments.
• The ideal candidate is passionate about understanding complex architectures they work in and is adept at translating non-functional security requirements to red-team actions.
• The ideal candidate is also a meticulous problem solver who can work under pressure when required and remains current with the latest attack trends and technologies.

Preferred Qualifications

• Master’s degree in Computer Science or relevant field of study.
• Cyber related certifications such as CompTIA CySA+, CISSP, CHFI, OSCP.
• Experience in digital forensics.
• Working experience within a DevSecOps environment.

As a leader in this space, you will:

• Lead initiatives to automate security validations and reporting, leveraging CI/CD pipelines, and security-as-code practices to minimize manual overhead and streamline compliance.
• Mentor engineering teams on secure coding, vulnerability management, and emerging attack trends—turning security into an enabler for rapid product delivery.
• Partner with incident response and DevSecOps teams to design resilient architectures, coordinate root cause analysis, and guide remediation across supply chain, application, and infrastructure layers.

What Sets You Apart

• Deep expertise in developing and applying security requirements in software and cloud-native product environments.
• Proven track record architecting secure solutions for enterprise-scale applications, data platforms, and embedded systems.
• Experience with security automation, secure SDLC, and modern DevSecOps practices.
• Advanced proficiency with cloud platforms (e.g., AWS, Azure, Google Cloud Platform), microservice architectures, serverless and container security, and supply chain risk management.

Key Responsibilities

• Threat Modeling: Develop and maintain comprehensive threat models across embedded platforms, cloud services, and software applications to proactively identify, prioritize, and mitigate potential vulnerabilities throughout the system development lifecycle.
• Embedded Platform Penetration Testing: Conduct regular penetration tests and security assessments of embedded platforms to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.
• Cloud-hosted Application Penetration Testing: Conduct regular penetration tests and security assessments on cloud-hosted applications to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.
• Red-Teaming AI-Backed Services: Conduct regular adversarial testing and red-teaming exercises focused on AI-powered services and machine learning models. Proactively identify and exploit potential vulnerabilities unique to AI systems and collaborate with legal and engineering teams to remediate security risks specific to AI and automated decision-making capabilities.
• Threat Detection and Analysis: Utilize advanced security tools like Cloud Security Posture Management platforms, open-source pen-testing tools, SIEMs, and SASTs to identify, analyze, validate, and stop vulnerabilities from entering the environment. Perform regular penetration testing and vulnerability assessments.
• Data Analysis and Security Monitoring: Conduct comprehensive analysis of security data from microservice architectures, content distribution networks, data lakes, serverless functions, and databases. Use SIEM tools to correlate security events and identify anomalies.
• Incident Response and Management: Participate in incident response efforts, perform root cause analysis, and implement or suggest corrective actions to mitigate security breaches. Develop and maintain incident response playbooks.
• Supply Chain Security: Assess and mitigate security risks associated with the supply chain, like open source libraries, ensuring end-to-end security
• Software Security Flaws Mitigation: Identify and address software security flaws and misconfigurations to enhance overall security posture. Perform code reviews and static/dynamic analysis. Languages include but not limited to Python, C++, C#, JS, Python, HCL
• Security Solutions Development: Develop and implement custom security solutions, minimizing reliance on paid services. Create security automation scripts and integrate security tools into CI/CD pipelines.
• Automating Security Test Functions: Develop and implement automated dynamic security testing functions to ensure continuous security validation.

Minimum Qualifications

• Expertise in secure API integration design and implementation
• Expertise in the OWASP top 10 for web applications, and LLMs along with mitigation and remediation techniques
• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Extensive experience in cybersecurity within software engineering environments.
• Experience with a programming language (C/C++, Python, Go, JavaScript / TypeScript, Rust)
• Proficiency in cloud security, threat detection, data analysis, and incident response.
• Expertise with security tools such as BurpSuite, PyRIT, Garak, MitM, Metasploit, Wireshark, Wiz, Sonarqube
• Experience standing up Security tooling to automate security hygiene, analysis, reporting or otherwise host tools or enhance intel capabilities
• Strong technical knowledge of microservice architecture, content distribution networks, data lakes, serverless functions, and databases.
• Familiarity with various cloud platforms and DevOps tools.
• Excellent analytical and problem-solving skills.
• Strong communication skills, both written and verbal.
• Ability to independently develop and implement security solutions.
• Experience in developing and implementing automated security testing functions.

Raj Vemula

Senior Director – Global Sourcing