Software Security Engineer

What you'll do:

• Implement and collaborate on product security features
• Mature and extend our DevSecOps pipeline.
• Detect, defend, and respond to threats to Cresta and its customers
• Support SOC 2 Type II, ISO 27001 & 27701, PCI-DSS, TISAX and HIPAA audit processes with technical controls and evidence

• Perform security audits of Cresta's products and cloud infrastructure and drive remediation of security risks
• Improve and monitor Cresta's vulnerability management program to ensure we're monitoring and mitigating known vulnerabilities
• Develop internal tooling and automation.

What we look for:

• Ambitious, passionate and results-oriented, with excellent interpersonal and communication skills
• 4+ years of experience in application security engineering and cloud security (AWS/GCP)
• Security domain knowledge across many cyber security disciplines
• Experience in static code analysis and remediation
• Experience in security operations (SOC) and incident response

• Working knowledge of Python and Go to develop and collaborate with engineering on product security features
• Experience managing competing efforts and requirements
• Experience with fast-growing SaaS start-ups