Sr. Security Engineer

A LITTLE BIT ABOUT Boldr

• Boldr is the first global B-Corp dedicated to delivering world-class Client experiences while creating access to dignified, meaningful work in communities around the world.
• We are a global team, united by our desire to connect diverse people with common values for boldr impact.
• We employ just over a thousand team members across five countries and we want to employ over 5,000 people by 2027, if not sooner.

LET’S START WITH OUR VALUES

• Meaningful connections start with AUTHENTICITY
• We do our best work by being CURIOUS
• We grow by remaining DYNAMIC
• Our success combines AMBITIOUS VISION with OPERATIONAL EXCELLENCE
• At the heart of great partnerships we’ll always find EMPATHY

WHAT IS YOUR ROLE

As a Senior Application Security Engineer, you will be critical to the success of our company. You will work with multiple and diverse teams, including, but not limited to, Product, Infrastructure and Engineering, Legal, IT Operations, and Security. The role plays a critical function and cloud security efforts ensure we are continuously improving the security of our products and services.

The ideal candidate is a proven security technology and methodology expert who enables other

engineering partners to make the right security design decisions and trade-offs.

WHY DO WE WANT YOU

We are currently looking for impact-driven individuals who are passionate in helping Boldr grow and achieve our Purpose. We expect our Team to become our ultimate partners to success by always giving their 110% in everything, sharing their talents and quirks, and championing our core values: Curious, Dynamic and Authentic.

WHAT WILL YOU DO

• Play a pivotal role within Platform Engineering, driving global platforms and programs that span the organization
• Leading cross-functional, infrastructure, and software engineering programs spanning multiple teams
• Lead goal-driven global programs to develop and manage end-to-end solution plans, monitor and ensure on-time delivery
• Provide hands-on program management during analysis, design, development, testing, implementation, and support post-implementation phases
• Identify and manage risks, plan mitigations and drive change management on projects
• Provide day-to-day coordination and quality assurance for projects and tasks
• Drive internal and external process improvements across multiple teams and functions
• Interface with business stakeholders, engineering and cross-functional partners (XFN) for project requirements and scope
• Help drive product decisions to align with higher company initiatives
• Own undefined spaces bringing clarity to ambiguity by working with XFN stakeholders to clearly define business and technical problems we need to solve
• Define overall Vision, Strategy, and Roadmap to address the problems/opportunities in collaboration with Product Manager and Engineers
• Create product backlog with user stories to develop features
• Facilitate difficult conversations against competing priorities
• Develop execution plans to implement features. Lead product and technical discussions to identify and remove any roadblocks
• Be hands-on when needed and dive deep both on tech architecture and code/data
• Manage and track execution and accountability across different product/engineering teams
• Provide regular updates to the product teams and senior leadership
• Lead dogfooding sessions with stakeholders to solicit feedback on features under development
• Post launch, conduct roadshows, trainings across the organizations and evangelize product adoption
• Actively manage risks, issues, action items, follow-ups to ensure timely closure

Requirements

WHAT WE’LL LIKE ABOUT YOU

YOU ARE…

• Curious and authentic, just like us! #beboldr

• An analytical and critical thinker, with an eye for even the most minute of details
• Passionate about client satisfaction.

YOU HAVE…

• Minimum 7+ years of overall experience in information security with technical experience in any combination of the following: threat modeling experience, application security risk assessment, secure coding or OWASP ASVS, OWASP Top Ten exploitation paths, secure identity management and authentication, software development, and network security.
• Minimum 5 years of experience of application security engineering and preferably in one or more of the following languages (Scala, Python, Typescript, Bash)
• Minimum 3 years of experience with cloud environments (AWS preferred, Google Cloud, K8s, Containers, etc.)
• Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty.
• Technical knowledge on operating and cloud system security leveraging configuration standards such as CIS.
• Extensive understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
• Experienced in security testing tools and techniques, such as vulnerability management, SAST, Secret scanning, SCA, and penetration testing. Knowledge of identifying key risk indicators is important.
• Strong analytical skills with the ability to identify and mitigate security risks.
• Experience securing CI/CD pipelines enabling strong security controls through the implementation of commercial and custom built tooling.
• Preferred but not required: Application security certifications
• Preferred but not required: Network optimization engineering experience with AWS and data streaming services

Benefits

• SSS
• Pag-ibig
• Philhealth
• HMO on day one
• 13th month pay
• Paid incentive leaves
• Personal time-offs (PTOs)
• Sick leave