Senior Security Engineer

Job Description

We are seeking a Senior Security Engineer (DevSecOps / Application Security) to join Flo as our first dedicated security engineer, focusing on embedding security into our application development and cloud infrastructure.

You will work closely with Engineering and Platform (DevOps) teams to integrate security into the software development lifecycle and cloud environments. This role is hands-on and execution-focused, while also requiring the ability to identify security gaps, recommend improvements, and influence teams to adopt secure practices.

This role is ideal for someone who enjoys working closely with developers, improving security in real-world systems, and driving practical security outcomes through collaboration.

What you'll do

As the Senior Security Engineer, you will focus on application and cloud security while supporting the broader cybersecurity posture of the organization. As the first security engineer, you will play a key role in improving how security is implemented in practice and how engineering teams adopt secure development practices.

Secure Development & Cloud Practices

• Collaborate with developers to embed secure coding practices and conduct code reviews for high-risk features.
• Conduct threat modeling and provide security input on application and cloud design.
• Integrate security scanning tools (SAST, DAST, SCA) into CI/CD pipelines.
• Collaborate with the Platform Team (DevOps) to secure containerized workloads (e.g., Docker, Kubernetes), infrastructure-as-code, and serverless applications.
• Work with the Platform Team to secure configuration across AWS accounts, including IAM, encryption, and network controls.
• Implement and manage Web Application Firewalls (WAFs) to protect applications from OWASP Top 10 vulnerabilities and other common attacks.

Security Innovation & Continuous Improvement

• Stay current with emerging threats, vulnerabilities, and cybersecurity technologies.
• Proactively identify security gaps and drive practical improvements across application and cloud environments.
• Proactively identify areas for risk reduction and security automation.
• Collaborate across teams to build a culture of security-first thinking in everything we build and deploy.
• Work closely with Engineering and Platform teams to drive adoption of security best practices.
• Communicate security risks and recommendations clearly and concisely.
• Support teams in balancing security requirements with delivery timelines.
• Contribute to building a culture of security awareness across engineering.

Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field.
• Strong experience in cybersecurity roles focused on application and cloud environments, preferably in senior or lead-level positions.
• Strong understanding of secure coding, web security standards (e.g., OWASP Top 10), and CI/CD security practices.
• Hands-on experience with CI/CD security.
• Programming or scripting experience in Python or a general-purpose language such as Java, Kotlin, Go, or Ruby is preferred.
• Familiarity with AWS security services, IAM policies, and network security configurations.
• Strong understanding of IAM, SSO/SAML, and API security.
• Experience with vulnerability scanners, container security, and code analysis tools (e.g., Snyk, Trivy, Semgrep).
• Exposure to infrastructure-as-code (e.g., Terraform, CloudFormation) and cloud-native security tools like AWS Config, GuardDuty, and Security Hub.
• Aware of compliance frameworks such as ISO 27001, SOC 2, and PDPA.
• Relevant certifications such as CompTIA Security+, AWS Certified Security, or equivalent.
• Ability to clearly communicate security risks and remediation paths to engineering and platform teams.