Technical Lead- SecOps

Job Description

Be part of a transformative team that is shaping the way First American builds and delivers world-class technology products that fuel the real estate industry. We are looking for the best-of-the-best technology experts who will envision, design, build, and deliver innovative solutions that provide exceptional experiences and lasting value to our customers. First American seeks a Principal Engineer- Security Enablement to help validate our services, applications, and tools to be designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. What you'll Do: As a Principal Engineer - Security Enablement, you will be responsible for enhancing the security posture of our applications throughout their lifecycle. Conduct application security design reviews to identify potential vulnerabilities and recommend mitigation strategies. Collaborate with development teams to integrate security into the software development lifecycle. Provide guidance and mentorship to developers on secure coding practices and security architecture. Contribute to the continuous improvement of security processes and practices within the organization. Assess and identify security risks that may be present to achieving the team s larger goals. Perform security code reviews of source code changes and advise developers on remediating vulnerabilities and following secure coding practices. Reviewing code for vulnerabilities and then remediating these (either alone or with Software Engineers). Security training and outreach to internal development teams. Stay abreast of emerging security threats, vulnerabilities, and technologies. Collaborate with product management and other cross-functional teams to iteratively design, develop, and validate outcome-driven technology solutions. Continuous Improvement: Join a team determined to achieve ambitious goals, provide regular feedback, and drive continuous improvement. What you'll Bring: 8-10 years experience as a software engineer 2+ years of application security Experience in vulnerability discovery and code-level security reviews Strong background in application security best practices and familiarity with common vulnerabilities (eg, SSRF, race conditions, privilege escalations, etc) Familiarity with and ability to understand business objectives, business context, and security risk Ability to mentor and influence software engineers to share knowledge and improve quality Ability to unblock yourself and help accelerate the team in achieving their goals Ideally, you will also have experience with: Proficient in one of the following C# (.NET Core, .NET Framework), TypeScript & React / Node.js, or Golang Working within a highly regulated industry such as Financial Services or Healthcare Strong experience with AppSec tooling, including integrating it into CI/CD pipelines, such as Veracode, Synk, and PrismaCloud In-depth knowledge of AWS or Azure and associated tools Infrastructure as Code (Terraform, Ansible) Cloud infrastructure & services (AWS, Azure) Cloud security best practices Networking knowledge Security tools such as Burp Suite, Fortify, Vercode, etc Effective communication skills, both verbal and written, with strong relationship, collaborative, and organizational skills