Security Engineer II

About Sibros Technologies

Who We Are

Sibros is accelerating the future of SDV excellence with its Deep Connected Platform™ that orchestrates full vehicle software update management, vehicle analytics, and remote commands in one integrated system. Adaptable to any vehicle architecture, Sibros’ platform meets stringent safety, security, and compliance standards, propelling OEMs to innovate new connected vehicle use cases across fleet management, predictive maintenance, data monetization, and beyond.

Learn more at www.sibros.tech.

Our Mission

Our mission is to help our customers get the most value out of their connected devices.

Follow us on

LinkedIn | Youtube | Instagram

About the role:

Job Title: Security Engineer II

Experience: 3 - 5 years

We are looking for a Product Security Engineer to drive end-to-end security across web applications, APIs, cloud systems, and emerging firmware layers. This role focuses on proactively identifying vulnerabilities, integrating security into the SDLC, and building scalable, automated security solutions using modern tools, including AI-driven technologies. You will work closely with engineering teams to ensure secure design, development, and deployment, while also exploring and strengthening firmware-level security as part of a holistic product security approach.

What you’ll do:

• Web & API Security Testing: Perform manual & automated testing aligned with OWASP Top 10 (including API security).
• Code & Release Security Reviews: Continuously review code changes/releases and validate vulnerability fixes.
• Security Tooling & CI/CD Integration: Implement and manage SAST, DAST, and automated security scans in pipelines.
• API Discovery & Inventory Management: Discover, track, and maintain API inventory (including shadow APIs) with risk classification.
• Advanced API Testing: Perform API fuzzing, abuse-case testing, and identify business logic vulnerabilities.
• Cloud Security Management: Secure cloud environments using CSPM, CWPP, CIEM, and CNAPP; remediate misconfigurations and identity risks.
• Threat Modeling & Secure Design: Conduct STRIDE-based threat modeling and recommend secure architecture improvements.
• Security Automation & Optimization: Build automated security pipelines, enforce security gates, and enhance detection using AI and continuous tuning.
• Security Audit & Compliance Support: Provide technical evidence and documentation for internal and external security audits (e.g., SOC2, ISO 27001, PCI-DSS) to ensure continuous regulatory compliance and security assurance.

What you should know:

• Professional Tenure: 3-5 years of professional work experience in cybersecurity and application security.
• Application Pentesting: Hands-on experience performing comprehensive security assessments on Web and Mobile applications.
• Vulnerability Analysis: Proficient in SAST, DAST, and API security testing using industry-standard tools like Semgrep and Burp Suite.
• Willingness to learn firmware security: Should have strong willingness to learn firmware or embedded security.
• Cloud Security Expertise: Solid understanding of AWS and GCP environments, including CNAPP, CSPM, CWPP, and CIEM frameworks.
• Risk Mitigation: Ability to identify cloud risks such as misconfigurations and insecure identities while ensuring continuous compliance monitoring.
• Security Architecture: Strong grasp of web and API security concepts, focusing on authentication, data exposure, and business logic testing.

What we offer

• Competitive and generous total compensation package including equity options.
• Flexible vacation and paid time off. You’re the best person to decide when you need time off. Our flexible vacation policy puts you in control.
• Team events and off-sites.
• Budget for online courses, books, and conferences.
• Employee wellness programs to support self-care and overall wellness.

Employment Opportunity

Sibros is committed to a policy of equal employment opportunity. We recruit, employ, train, compensate, and promote without regard to race, color, age, sex, ancestry, marital status, religion, national origin, disability, sexual orientation, veteran status, present or past history of mental disability, genetic information or any other classification protected by state or federal law.

Privacy

At Sibros, we value your privacy and understand the importance of safeguarding your personal information. In order to effectively track candidates for current and future opportunities, we collect and securely store your personal data. The information you provide during the application process will be kept confidential and used solely for recruitment purposes.

To ensure the highest level of privacy protection, we utilize third-party service providers for data management but never share your information for any other purpose outside of recruitment. Should you need to access, update, or delete your candidate profile information, our dedicated team is available to assist you. Please contact us at privacy@sibros.tech for any questions or requests.

To learn more about our commitment to data privacy, including compliance with GDPR and CCPA regulations, please visit our website at sibros.tech/privacy-policy