Information Security Engineer

  • Somerville, MA
  • Posted 2 hours ago | Updated 2 hours ago

Overview

On Site
Depends on Experience
Full Time

Skills

Amazon Web Services
CISSP
Cisco Certifications
Cloud Computing
Cloud Security
Collaboration
Communication
Computer Science
Continuous Delivery

Job Details

Job Title: Information Security Engineer
Job Location: Somerville, MA Job Type: Full Time / Perm / Direct Hire Job Description: Pay Range: $134000yr - $170000yr
  • The Application and Cloud Security Lead provides technical leadership within the cybersecurity team, overseeing application security and cloud security initiatives.
  • This role is responsible for building and advancing secure software development practices, strengthening cloud security posture, and leading strategic security programs.
  • The ideal candidate is a highly technical security professional with experience in secure coding, DevSecOps, and cloud security architecture, capable of mentoring teams and driving enterprise-level security improvements.
Requirement/Must Have:
  • Strong expertise in application security and cloud security.
  • Experience building and leading application and/or cloud security programs.
  • Hands-on knowledge of secure software development lifecycle (SSDLC).
  • Expertise with application security testing tools (SAST, DAST, IAST, SCA).
  • Experience securing CI/CD pipelines and DevSecOps environments.
  • Proven leadership and mentoring experience.
Experience:
  • Minimum 5+ years of progressive experience in application security, cloud security, or related cybersecurity roles.
  • Experience leading complex security initiatives and strategic programs.
  • Experience collaborating with development, DevOps, and operations teams.
Responsibilities:
  • Design and lead application and cloud security programs aligned with business and security objectives.
  • Lead engineers in executing strategic security roadmaps.
  • Design, implement, and maintain advanced security controls for applications and cloud environments.
  • Establish and maintain a secure software development lifecycle including threat modeling, secure coding standards, and testing practices.
  • Drive implementation and management of Cloud Security Posture Management (CSPM) tools.
  • Implement and integrate application security testing tools into development workflows.
  • Conduct and oversee application and cloud security assessments, including penetration testing and code reviews.
  • Provide technical leadership, guidance, and mentorship to security engineers.
  • Embed security into DevOps workflows and promote a DevSecOps culture.
  • Research, evaluate, and recommend new security technologies and methodologies.
  • Respond to and lead remediation of complex application and cloud security incidents.
  • Collaborate with vendors, partners, and stakeholders to align with industry best practices.
  • Ensure security solutions are scalable, maintainable, and aligned with established frameworks.
  • Perform other duties as assigned.
Should Have:
  • Experience with modern architectures, including microservices, APIs, and containers.
  • Knowledge of container and orchestration security (Docker, Kubernetes).
  • Familiarity with infrastructure-as-code security practices.
  • Experience participating in industry forums or regulatory discussions.
Skills:
  • Application security and secure coding practices.
  • OWASP Top 10 and application security frameworks.
  • Cloud platforms: AWS, Azure, or Google Cloud Platform.
  • CSPM tools and cloud-native security services.
  • CI/CD pipeline security and DevSecOps.
  • Vulnerability management and threat modeling.
  • Strong communication, leadership, and project management skills.
  • Ability to translate technical risks to technical and non-technical stakeholders.
  • Proficiency with Microsoft Office (M365) tools.
Qualification and Education:
  • Bachelor s degree in Information Security, Computer Science, or related field.
  • Advanced degree or equivalent professional experience preferred.
  • Relevant certifications preferred: CISSP, CCSP, CSSLP, cloud security certifications, or GIAC certifications.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.