Job Description Sr. Cloud Security Engineer – REMOTE Why you want to work at Flexion: We’re looking for a Cloud Security Engineer with an unwavering passion for working in autonomous, self-directed teams to build and secure complex systems using lean, agile mindsets. You will deliver incremental business value with each sprint and enable options at all scales. For this project, you will be working with a team that will be modernizing a critical state government system and helping to improve the lives of millions of state residents. Flexion is an agile software company that’s been delivering excellence for over 24 years. Our company culture is built on autonomy, trust, and transparency. We empower teams to remain self-sufficient and self-directed by hiring people who can solve complex problems through collaboration-this means lending a hand and flexing your multi-skilled muscles (security and application engineering, DevOps, research, business analysis, information architecture, etc.) as needed. Every member within a cross-functional team is a leader who takes responsibility for the entire team’s success, which mirrors the company’s overall flat structure. You will tackle a wide variety of technical problems and exercise and expand your full range of skills and experience What the job looks like: You will be part of a Security Engineering team helping our client enhance their cloud infrastructure and application security practices. You will be working alongside our legacy system modernization team by raising the maturity of our client’s security and infrastructure teams. We strive to automate all the things and build the highest quality secure systems with modern, cloud-native tools and emerging technologies. This team will act as consultants, advisors, and implementers to assist those program teams to improve in security, stability, reliability, scalability, usability, quality, and efficiency. The project work is primarily remote but may require some client on-site work estimated at Advance the state-of-the-art practice for information and application security engineering across Flexion and our clients. Consult with and advise security engineers on the client program teams on security best practices. Develop and enhance tools to extract metrics about the security posture of the program. Run different security scans as needed. Perform security code reviews and pair with teammates to ensure security best practices are followed throughout the entire development lifecycle. Contribute to the design and architecture of software and infrastructure to ensure projects meet goals for security, scalability, maintainability, availability, and resiliency and should be able to clearly articulate and present the implications of design/architectural decisions, issues, and plans to leadership. Facilitate technical designs, architecture and planning. Embrace and enhance agile engineering practices such as delivering small narrow slices of functionality, Test Driven Development, Continuous Integration/Continuous Deployment, and Infrastructure as Code. In addition, you will work with other security engineers across the client on larger security initiatives to support the entire agency. Why we want to hire you: You thrive working in a dynamic environment and think, design, and code with the knowledge that things will change. You can design small pieces as you go, while still thinking about how they fit into the whole. You welcome change as a positive thing and never look at anything you deliver as “final.” You understand when “good enough” really is good enough, without ever compromising on the overall product quality. You want to work with team members who challenge you every day. You demonstrate an unwavering commitment to automated code coverage. You have: Extensive experience in Information Security, Cloud and Operations Security, Application Security, Threat Modeling and Risk Identification, Security Controls and Compliance, Pen testing, Dynamic and Static Scanning Tools. Strong familiarity with OWASP Top 10 and ASVS, and the ability to train other engineers in the identification and remediation of application vulnerabilities. Experience with Google Cloud Platform security tools and technologies. Solid security engineering experience with applying macro-level requirements of NIST 800-53 RMF controls from security control assessments to specific application implementation through threat modeling, and security impact analyses The ability to facilitate the identification of relevant application security threats (Threat Modeling in particular) and to establish appropriate security control requirements and test plans. Fluency with agile methods including Scrum. The ability to ensure that software and infrastructure is architected, designed, and implemented to avoid security-related logic flaws and other adverse security consequences. The ability to provide guidance to other engineers on the appropriate selection and implementation of relevant application security controls. Experience with tools supporting DevSecOps and Continuous Delivery Experience with Security Tools including: ZAP, Burp Suite, SonarCloud/SonarQube, Snyk, Nessus, SSL analysis tools, Packet analysis tools and AWS Security Hub. A Bachelor’s degree (or higher) in Computer Science or a related field or equivalent experience 6+ years of overall IT experience, minimum of 4 years of Cloud Security experience At Flexion, we live by these principles: Speak openly and honestly with your colleagues and clients about problems and proposed solutions Welcome and handle changing requirements and priorities with little or no warning Collaborate online in small groups about 50% of the time Encourage simple and minimal solutions that keep options open Expect and vocally advocate for quality and security first Learn new practices and techniques as the situation demands Ensure the teams develop demonstrable software every week or two Do what needs to be done to deliver the product or project without ego or attitude Dig deep to find the root causes of problems so we can create the right solutions Relentlessly improve yourself, your team, and your processes The compensation for this position is $135,000 to $170,000 annually. The most efficient way to reach our recruiting team is to submit your resume through the URL provided. If you have questions or would like more information about this job posting or if you’d like to know more about Flexion Inc. in general, please contact CHRISTINA NEWMAN at . Equal Employment Opportunity/Affirmative Action Employer If you require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at for assistance.
application-security Agile sonarqube Business Analyst CI/CD Researcher Information architecture (IA) OWASP devsecops Information security cloud-security snyk DevOps Google Cloud Platform (GCP) Security Burp Suite sonarcloud zap Scrum nessus Risk analysis