Security Engineer

Security Engineer

We are seeking a highly skilled Security Engineer to join our growing Security team. This role will initially focus on security engineering and automation as an individual contributor, with the potential to grow into a managerial position overseeing a team of security engineers. The ideal candidate will have a strong background in security engineering, vulnerability management, and automation within a DevOps environment.

Key Responsibilities:

• Security Engineering and Automation:

• Establish and lead comprehensive security reviews, threat modeling, and architecture assessments for cross-team initiatives.

• Develop and maintain robust security frameworks, incorporating SAST, DAST, and Bug Bounty initiatives to identify and mitigate security vulnerabilities.

• Create and execute strategic roadmaps, aligning security efforts with business goals and ensuring proactive responses to emerging threats.

• Implement and manage automated security tools and processes within the CI/CD pipeline to ensure continuous security validation.

• Individual Contributor Role:

• Collaborate with cross-functional teams, including IT & Engineering to integrate security best practices into all stages of the software development lifecycle.

• Provide hands-on expertise in cloud security initiatives, ensuring alignment with security standards across production environments.

• Develop and enforce policies and guidelines, working closely with the DevOps team.

• Conduct vulnerability assessments, penetration testing, and security audits to identify and address security gaps.

• Participate in security research, investigations, platform hardening, and audits

• Leadership and Growth:

• As the role evolves, take on responsibilities for hiring, supervising, and mentoring junior security engineers.

• Lead the development and implementation of incident management processes, providing visibility to peers and executives and ensuring rapid response times.

• Collaborate with business units to execute security controls and reduce risk, including handling security investigations and supply chain vulnerabilities.

• Lead teams in threat modeling exercises to pressure test technical designs

Qualifications:

• Proven experience in security engineering, with a focus on automation and vulnerability management.

• Strong knowledge of security tools and technologies such as SumoLogic.

• Expertise in cloud platforms (AWS), infrastructure as code (CloudFormation, Terraform), and containerization (Docker).

• Proficient in secure SDLC tools (JIRA, Python, Jenkins, Chef, Git, Bitbucket, Github) and methodologies.

• Working knowledge of security and privacy laws.

• Experience in leading security programs, developing security policies, and conducting security architecture assessments.

• Excellent problem-solving skills and the ability to work independently as well as part of a team.

• Strong communication skills, with the ability to present complex security concepts to technical and non-technical stakeholders.

Preferred Qualifications:

• Experience in developing and implementing cloud security initiatives.

Education:

• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degrees or certifications are a plus.

About Us

Sumo Logic, Inc. empowers the people who power modern, digital business. Sumo Logic enables customers to deliver reliable and secure cloud-native applications through its Sumo Logic SaaS Analytics Log Platform, which helps practitioners and developers ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. Customers worldwide rely on Sumo Logic to get powerful real-time analytics and insights across observability and security solutions for their cloud-native applications. For more information, visit www.sumologic.com.

Sumo Logic Privacy Policy

The expected annual base salary range for this position is $137,000 - $170,000. Compensation varies based on a variety of factors which include (but aren't limited to) role level, skills and competencies, qualifications, knowledge, location, and experience. In addition to base pay, certain roles are eligible to participate in our bonus or commission plans, as well as our benefits offerings, and equity awards.