Newsela is seeking to hire a Contractor based out of Latin America for Senior-Level Software Engineering Services.
Scope of Services:
- As a Contractor, you will play a pivotal role in ensuring the security of our SaaS products by designing and implementing security controls to protect sensitive data to prevent unauthorized access.
- Ensure compliance with relevant security standards, regulations, and industry certifications (e.g., SOC2, GDPR, HIPAA), while managing requirements gathering and remediation efforts for SOC2 and other security audits.
- Develop security-related documentation, such as policies, procedures, and control mappings, while participating in risk assessments and compliance reviews to identify areas for improvement.
- Champion security awareness and adherence to secure coding practices among development teams and provide guidance and support to internal stakeholders on security best practices and compliance requirements.
- You will work closely with our engineering teams to build advanced detection solutions to help keep systems and information safe and partner closely with our Legal team to conduct complex investigations.
- Collaborate with internal stakeholders and external partners, including vendors and customers, to respond to RFPs about product security and compliance.
- Manage investigations and security incidents by conducting root cause analysis and implementing corrective actions to prevent recurrence.
- Implement security controls and remediation activities to mitigate identified risks and vulnerabilities.
- Monitor and track compliance with security policies and standards, and report on findings to relevant stakeholders.
Skills / Experience
:
- 3+ years of experience as a Software Engineer, Product Security Engineer, or Security Engineer with proven experience in product security engineering and a focus on SaaS applications.
- Bachelor's degree in Computer Science, Information Security, or related field. Advanced degree or relevant certifications (e.g., CISSP, CISM, CSSLP) preferred.
- Experience working with vendors and customers to respond to RFPs about product security and compliance, and experience working in partnership with Software Development and Legal teams for security compliance.
- Experience with requirements and remediation for SOC2 and other security audits for software as a service.
- Demonstrated coding ability in Python and familiarity with cloud computing platforms (e.g., AWS, Azure, GCP), and associated security controls.
- Strong understanding of web application security concepts, including authentication, authorization, encryption, and secure coding practices.
- Hands-on experience with security tools and technologies, such as vulnerability scanners, penetration testing tools, and SIEM solutions.
- Strong analytical and problem-solving abilities, with a keen attention to detail and a proactive approach to security challenges.
- Proven capacity to assess system security, discern patterns, and delve into intricate issues.
- Proficiency in making data-driven, risk-based decisions.
- Results-driven approach with exceptional interpersonal and communication abilities to effectively engage with technical and non-technical stakeholders.
- Strong empathy towards our customers, including internal developers.
Please note that given the nature of the contract, this role will not be eligible to participate in company-sponsored benefits.