Security Engineer - Signzy

Join Signzy, a dynamic digital trust system, and be part of a tech-savvy team building innovative solutions. We are seeking a talented Security Engineer to contribute to our mission of creating secure, legal, and convenient digital contracting experiences.

About Signzy

Signzy is at the forefront of digital trust, offering robust solutions for identification, background verification, forgery detection, and contract management. Our proprietary biometric authentication and blockchain trail provide unparalleled security and legal backing. We foster a culture of innovation, driven by a passionate team and supported by forward-thinking investors.

The Role: Security Engineer

We are looking for a proactive Security Engineer to play a crucial role in safeguarding our applications and infrastructure. If you have a passion for security and a drive to excel, this is your opportunity to shape the future of digital trust.

Responsibilities

Application Security

• Conduct secure code reviews, threat modeling, and SAST/DAST.
• Integrate and manage automated security scanning tools (Semgrep, Snyk, Trivy, Gitleaks) within CI/CD pipelines.
• Collaborate with development teams to resolve vulnerabilities and embed security throughout the Software Development Life Cycle (SDLC).
• Provide guidance on secure architectural patterns, including authentication, authorization, data encryption, API security, and mobile app protections (SSL pinning, mTLS).

Infrastructure & Cloud Security

• Harden cloud environments (AWS/GCP/Azure) by managing IAM, VPC design, encryption, and network segmentation.
• Implement and secure infrastructure-as-code for Terraform, Helm, and Kubernetes deployments.
• Perform internal and external penetration tests, configuration reviews, and vulnerability management for servers, containers, and endpoints.
• Support continuous monitoring (WAF, SIEM, EDR/MDM) and incident response efforts.

Security Assessments & Compliance

• Lead periodic security assessments, including vulnerability assessments, penetration testing, firewall rule reviews, user-access audits, and network segmentation reviews.
• Document assessment findings, track remediation progress, and provide risk-based recommendations.
• Assist in gathering evidence for compliance with standards such as ISO 27001, SOC 2, PCI-DSS, and GDPR.

Continuous Improvement

• Research emerging threats (e.g., supply-chain attacks, package ecosystem risks) and propose mitigation strategies.
• Contribute to security runbooks, policies, and developer security awareness training.

Qualifications

Must Have

• 2-4 years of experience in application or infrastructure security engineering.
• Solid understanding of web/mobile security, OWASP Top 10, cloud security principles, and Linux/Unix systems.
• Hands-on experience with CI/CD pipelines and security tools (SAST, DAST, container scanners, SIEM/EDR).
• Proficiency with SAST/DAST tools such as Burp Suite, OWASP ZAP, Semgrep, and Fortify.
• Knowledge of network and OS hardening for Linux and cloud workloads.
• Experience with internal and external penetration testing methodologies.
• Familiarity with common security tools like Nmap and Metasploit.
• Hands-on experience with mobile application security testing for Android and iOS.
• Familiarity with threat modeling frameworks (STRIDE, MITRE ATT&CK) and SBOM management.
• Scripting or programming skills in Python, Go, or Bash for automation.
• Fundamental knowledge of cloud environments.
• A security-first mindset with strong curiosity and analytical skills.
• Ability to review firewall rules, ACLs, and security groups for adherence to the principle of least privilege.
• Understanding of network segmentation and zero-trust architecture.
• Skill in translating complex vulnerabilities into actionable guidance for developers.
• A collaborative approach to working with engineering, DevOps, and compliance teams.
• Strong reporting and documentation skills, including writing assessment reports.
• Knowledge of security standards like ISO 27001, NIST 800-53, and CIS Benchmarks.

Good to Have

• Container & Kubernetes Security: Familiarity with Trivy, Falco, Kubescape, Kyverno.
• IaC Security: Experience with Terraform/CloudFormation scanning tools like Checkov, Tfsec.
• DevSecOps Integration: Experience embedding security tests into CI/CD platforms (GitLab, GitHub Actions, Jenkins).
• Advanced API Security: Hands-on experience with API gateways (Kong, Apigee, AWS API Gateway) and WAF tuning.
• Cloud-Native Security: Experience with tools such as GuardDuty, Security Hub, AWS Config, GCP SCC.
• Emerging Areas: Familiarity with AI/ML model security.
• Certifications: OSCP or Cloud Security certifications (e.g., AWS Security Specialty) are a plus.