Security Engineer II

Security Engineer II

About Subsplash

Subsplash is an exciting, award-winning team of 290+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005, we’ve remained family owned and operated while pioneering the market with the first ever church mobile app. Since then, we’ve been working together to build The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. We find excitement in serving our 17,000+ clients, creating impactful products, and delighting the 40 million real people who use our platform every day. Subsplash has won awards for best mobile experience, been voted top 100 Washington's Best Workplaces by the Puget Sound Business Journal, created some of the most downloaded apps of all time, and built enterprise software for world-class brands like XBOX, Microsoft, Samsung, Expedia, and Cisco; yet, at the end of the day, we love making a lasting impact and a difference in our world.

Working at Subsplash is more than just a job; we are a team of people who are courageous, inventive, and passionate about doing meaningful work every day. Don’t take our word for it—head to Glassdoor and see for yourself!

About the Team

The Subsplash Product & Engineering Team is responsible for all products that the company develops including the App Platform and Merchant Services. We are a team of designers, developers, and coordinators, creating polished experiences for our clients and end users. The P&E Team is responsible for the entire user experience including: End-User Mobile Apps, the Subsplash Dashboard (our Content Management System), Subsplash Giving (Our Donation and Merchant Services Platform), Media services, the Web App, backend data feeds, analytics, and more. The Product Team supports our Clients by providing a unified set of tools to help reduce administrative overhead so Clients can focus on their core mission and expand their reach.

About the Role

As a Security Engineer II, you will report to the Sr. Engineering Manager, Site Reliability Engineering and join a team of Site Reliability Engineers (SRE) and Data Engineers. You treat security concerns as first-class citizens and will prioritize industry best practices. You will work closely with Software Engineers and product team members to help them embed security tools and practices across all teams and phases of the software development lifecycle. You will collaborate closely with SREs, software architecture, IT and other roles to measure and report on cloud systems security compliance. You recognize the importance of stability, scalability, and uptime, with a critical focus on the security of our software systems and infrastructure. You enjoy helping colleagues identify important security vulnerabilities and supporting them to contribute meaningful improvements to the Subsplash products and platform.

Your Priorities

• Drive for and enable proactive identification, analysis, and remediation of security vulnerabilities in our software codebases and cloud infrastructure systems
• Respond to manage our pen testing and bug bounty programs
• Focus on selecting, integrating, and operating apps and tools that multiply individual efforts by automating preventative strategies, to help drive down manual, reactive tasks
• Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the software development lifecycle (SDLC).
• Participate in security reviews, threat modeling, and security improvement workshops
• Promote awareness of, and adherence to, secure coding best practices and standards
• Influence the strategy and implementation of security solutions, advocating for DevSecOps principles and identifying effective and efficient security guardrails
• Prioritize secure, scalable, observable code and infrastructure with a bias towards continuous improvement
• Design, develop, integrate, and maintain our core security tooling (e.g. SAST/DAST, SCA, etc.), driving adoption and iteration to provide clear value to engineering teams
• Maintain great communication with engineers and colleagues to help bridge the gap between compliance requirements and security solution implementation and iteration
• Participate in the team’s on-call rotation as needed, acting as the primary security subject matter expert for high-severity or escalated security incidents
• Partner with the IT team to provide security consultation and technical expertise with ad hoc projects and requests
• Act as the primary technical subject matter expert for the cybersecurity remediation project, working in lockstep with the SRE Manager and SRE team to implement solutions and track progress toward successful, timely completion.

Compensation

The total compensation for this role will be between $140,000 - $175,000/yr.

Required Education + Experience

• At least 3 to 5 years of full-time experience in a security engineering or similar role in a group/team environment
• Familiarity with common web application and network security concepts, threats, and vulnerabilities (e.g., OWASP Top 10)
• Experience with security best practices across different technology stacks (e.g., server-side, client-side, mobile)
• Proven ability to design and implement secure architectures in a cloud-native environment, including experience conducting threat modeling and security design reviews
• Embracing the Agile and feature-driven development processes

Desired Skills + Experience

• Bachelor of Science in Computer Science, Computer Engineering, Cybersecurity, or equivalent experience
• Experience with security features and tools available from cloud providers such as AWS, Azure, and GCP
• Experience with security testing tools (e.g., SAST, DAST, penetration testing tools)
• Experience with configuration management and infrastructure as code tools (e.g., Terraform, Ansible)
• Knowledge of data security best practices related to PCI/DSS, HIPAA, or other compliance standards
• Understanding of AI security best practices and prompt injection prevention and identification
• Familiar with common security frameworks and standards (e.g., ISO 27001, NIST, SOC 2)
• Experience with REST API microservice architecture, securing container runtimes, Kubernetes, and related cloud-native workload security principles and practices
• Familiar with good security engineering principles such as: least privilege, defense-in-depth, security automation, etc.
• Experience identifying and protecting against security risks such as XSS, SQL Injection, SSRF, insecure direct object references, and session hijacking.
• Experience in developing secure codebases using Git or similar version control systems
• Working understanding of OAuth2, OIDC, and other authentication/authorization protocols
• Knowledge of Continuous Integration, Continuous Delivery, LEAN, and SOLID principles as they relate to security

You are…

• Passionate: You demonstrate our core values of Humility, Innovation, and Excellence
• Trustworthy: You understand the importance of confidentiality with sensitive information
• Organized: You naturally have the ability to prioritize multiple projects and tasks
• A Communicator: You have a knack for clear and concise communication
• A Driver: You are smart, persistent, and not easily blocked
• A Learner: You are committed to growing and staying current with new technologies

Location

Subsplash currently has operations in 27 states across the US! As much as we would love to have employees in as many states and countries as we have clients, we are currently limiting hiring to the states we already operate in. As a result of that, this role is only available as a 100% remote position if you reside in one of the following states:

AL, AR, AZ, CO, FL, GA, ID, IA, IN, KS, KY, MO, MI, MN, NC, NM, OK, OH, OR, SC, SD, TN, TX, UT, VA, WA, WY.

Unfortunately, if you do not currently reside in one of these states, we are unable to consider your application.

Benefits

Generous Paid Time Off (Accrual rate of 15 days for the first year and then 20 vacation days per year beginning on your 1 year anniversary), Medical Coverage, Dental Coverage, Vision Coverage, short and long term disability and life insurance all free of charge, Competitive Compensation, 401k Matching, Professional Development, Top of the Line Equipment, Referral Program, Parental Leave, Family-Friendly Culture, and the chance to work side-by-side with thought leaders in emerging tech

This position is classified as Full-time/Exempt. Primary position hours are 7:30 am to 4:30 pm Mon-Fri.

Note: Employment with Subsplash is contingent upon satisfactory proof of employee’s right to work in the U.S., as required by law and upon completion of a basic background check and; Employment with Subsplash is considered “at will,” meaning that either the company or the employee may terminate the employment relationship at any time without cause or notice. Subsplash is an Equal Opportunity Employer. We value all human life as all people are created with equal dignity, value, and worth. We do not discriminate on the ground of race, color, religion, sex, age, disability or national origin, or genetic information in the hiring, retention, or promotion of employees; nor in determining their rank, or the compensation or fringe benefits paid them.