Security
Engineer

← Back to All Roles

About the Role

Security at Juju-Tech isn't an afterthought — it's woven into everything we build and deliver. As a Security Engineer, you'll lead our application and infrastructure security practice, conducting assessments, building secure-by-default systems, and ensuring our clients meet their compliance obligations.

You'll work across the entire Juju-Tech engineering organization — embedding security into development workflows, hardening cloud infrastructure, and acting as the expert our teams turn to when security questions arise.

What You'll Do

• Lead application security assessments and penetration testing for client applications and infrastructure
• Conduct threat modeling and security architecture reviews for new systems and features
• Build and maintain a secure SDLC process — SAST, DAST, dependency scanning in CI/CD pipelines
• Design and implement Zero Trust network architecture for client environments
• Lead compliance initiatives: SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP
• Manage vulnerability disclosure and incident response programs
• Implement security monitoring, SIEM configuration, and threat detection rules
• Conduct security training and awareness programs for internal engineering teams
• Manage secrets management infrastructure (HashiCorp Vault, AWS Secrets Manager)
• Evaluate and implement security tools to strengthen our overall security posture
• Produce security documentation, policies, and client-facing reports

What We're Looking For

• 5+ years in application security, penetration testing, or security engineering
• Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CWE/CVE frameworks
• Experience with penetration testing tools (Burp Suite, Metasploit, Nmap, Nuclei)
• Proficiency with cloud security on AWS, Azure, or GCP
• Experience implementing secure SDLC practices and DevSecOps pipelines
• Knowledge of compliance frameworks (SOC 2, HIPAA, PCI DSS)
• Scripting skills in Python or Bash for automation and tool development
• Strong understanding of cryptography, PKI, and authentication protocols (OAuth2, SAML, OIDC)
• Excellent written communication — you can write clear, actionable security reports

Nice to Have

• OSCP, CISSP, CEH, or AWS Security Specialty certification
• Experience with red team or bug bounty programs
• Familiarity with AI/ML-specific security challenges (model extraction, adversarial attacks)
• Experience with cloud security posture management (CSPM) tools
• Knowledge of container and Kubernetes security hardening
• Background in security for regulated industries (healthcare, finance, government)

Security Stack

Interview Process

• Step 1: Recruiter intro (30 min)
• Step 2: Technical screen — security concepts and threat modeling (60 min)
• Step 3: Practical challenge — code review and vulnerability assessment (3 hours, paid)
• Step 4: Panel interview — security architecture and incident response scenarios (90 min)
• Step 5: Offer