Security Engineer
The OnsetJob Description
A fast-growing e-commerce scale-up, owned by a major Silicon Valley retail platform, is looking for its first Security Engineer to establish and enhance its security posture.
This hands-on role involves improving security processes, systems, and governance across compliance, disaster recovery, vulnerability management, and firewall security. You’ll work closely with engineering teams to implement security best practices across infrastructure, applications, and cloud environments.
Key Responsibilities
You’ll lead security compliance efforts, conducting audit reviews and ensuring alignment with PCI DSS, ISO 27001, SAS 70, and other regulatory frameworks. You’ll also facilitate governance processes, manage risk registers, and enhance security documentation and SOPs.
Business continuity and disaster recovery will be a key focus, including maintaining BCPs and managing disaster recovery simulation testing to ensure operational resilience.
In vulnerability management, you’ll oversee penetration testing, security reviews, and remediation efforts, applying patches across code, infrastructure, and networks. You’ll also conduct firewall rule reviews, manage WAF rulesets, and monitor network security to prevent threats.
Beyond governance and operations, you’ll play a critical role in securing .NET applications, Azure infrastructure (AKS, Key Vault, DevOps, Application Gateways, Azure AD), web application firewalls, and MS SQL databases.
Qualifications & Experience
We’re looking for someone with at least three years of experience in security operations and engineering roles, with a strong understanding of security frameworks and tools like OWASP, PCI DSS, Cloudflare, and Sophos. You should be comfortable working in Microsoft .NET (C#), Azure environments, and Azure DevOps while having hands-on experience with database management, network monitoring, and vulnerability scanning tools like Semgrep. Familiarity with AWS is a plus.
This role is ideal for someone who thrives in fast-moving environments, enjoys hands-on security engineering, and wants to shape security strategy from the ground up.