Talent.com
US - Security Engineer II

US - Security Engineer II

Techlink Systems Inc.Oakland, CA, United States
1 day ago
Job type
  • Full-time
  • Quick Apply
Job description

Job Title : Security Engineer II

Location (On-site, Remote, or Hybrid?) : Oakland, CA (onsite)

Contract Duration : Contract until 03 / 31 / 2026

Project Overview

In this contract role, you will be at the forefront of protecting the products and services that millions of our members trust every day. You will support a key security initiative by embedding security into our development lifecycle and proactively defending against emerging threats. You will have a direct impact on our security posture by identifying and triaging vulnerabilities and by partnering with engineers to provide actionable, code-level recommendations for remediation.

This project is an opportunity to work at scale in a fast-paced environment that values collaboration and proactive security. The focus of this engagement is to solve complex security puzzles, protect the company from real-world threats, and meaningfully improve the safety and trust of our members.

What You'll Do

  • Triage and validate vulnerabilities from our suite of security tools, including Data Loss Prevention (DLP), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Open-Source Software (OSS) scanning.
  • Work closely with development teams to communicate findings, provide clear remediation guidance, including specific recommendations for code fixes, and ensure timely resolutions.
  • Proactively identify patterns and tune security tooling to improve our signal-to-noise ratio and reduce false positives.
  • Develop scripts and automation to streamline repetitive tasks and scale our vulnerability management processes.
  • Use ticketing systems to manage the end-to-end vulnerability lifecycle, from discovery to remediation.

Required Skills & Experience

  • Experience in an application security, product security, and / or vulnerability management role.
  • Hands-on experience operating and interpreting results from security tools, including Data Loss Prevention (DLP), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST).
  • Proven ability to triage security vulnerabilities and distinguish between true and false positives.
  • Strong understanding of secure coding practices and the ability to recommend specific code changes to fix vulnerabilities.
  • Proficiency in a scripting language (e.g., Python, Go, Bash) for automation.
  • Excellent communication skills, with a proven ability to explain complex security issues to developers.
  • Experience refining and tuning the rules and policies of security tools.
  • Experience with ticketing systems (e.g., JIRA, ServiceNow, Azure DevOps) for vulnerability tracking and remediation management.
  • Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10).
  • Familiarity with CI / CD pipelines and securing the Software Development Life Cycle (SDLC) is beneficial.
  • Proficiency in Scala, Java, or Typescript is also beneficial.
  • A Bachelor's or Master's degree in a related field or relevant security certifications (e.g., GIAC, OSCP) are a plus.

    • This contractor will be responsible for the following deliverables to enhance the security posture of our platform.

    Vulnerability Triage and Validation :

  • Triage and validate security vulnerabilities identified by the company's suite of security tools, including Data Loss Prevention (DLP), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Open-Source Software (OSS) scanning.
  • Distinguish between true and false positives to ensure engineering effort is focused on actual threats.

    • Remediation and Engineering Partnership :

  • Communicate findings and provide clear, actionable remediation guidance to development teams.
  • Deliver specific, code-level recommendations to engineers for fixing vulnerabilities.
  • Manage the end-to-end vulnerability lifecycle using ticketing systems (e.g., JIRA, ServiceNow) to track progress from discovery through to confirmed remediation.

    • Process Automation and Tooling Enhancement :

  • Develop scripts and automation tools to streamline repetitive tasks and scale the vulnerability management process.
  • Proactively identify patterns in security findings and tune security tooling to reduce false positives and improve the signal-to-noise ratio.
    • Create a job alert for this search

    Security Engineer Ii • Oakland, CA, United States