Dice is the leading career destination for tech experts at every stage of their careers. Our client, Kforce Technology Staffing, is seeking the following. Apply via Dice today!

RESPONSIBILITIES:Kforce has a client that is seeking a Security Engineer III in San Francisco, CA.

Summary:The client's Engineering Security (EngSec) Architecture team is seeking a talented Security Engineer. In this role, you will provide security and privacy specific corrective guidance to engineers, author security-related feature requests against products, build security and privacy enhancing tools and own technical interfacing for related remediation efforts.

Key Responsibilities: Security Engineer III will perform multi-disciplinary security and privacy design reviews of engineering design proposals while considering aspects of application security, cloud security, infrastructure security, data-layer security. Draw design inferences on our product designs, taking into consideration trade-off decisions to vector improvements in overall security and privacy posture of our products and services. Be a subject matter expert and ambassador to core company Engineering in the areas of security and privacy by design. Conduct full security assessments of products that may include architectural review, threat modeling web and mobile apps assessments. As a Security Engineer III, you will train and support Engineering Security Ambassador Program. Collaborate with cross-functional engineering teams to ensure security requirements are integrated from the outset of each project.

REQUIREMENTS: Bachelor's in Computer Science, Engineering or a related field or equivalent work experience as a software engineering or security practitioner. 3+ years of overall of application security & security architecture experience. Good knowledge of APIs (REST, GraphQL, SOAP/XML, gRPC) and microservice architecture. Familiarity with OWASP Standards (Web, API, LLM, Mobile). Possess a broad knowledge of threat modeling such as STRIDE and the associated design patterns to correct and/or mitigate security attacks and threats. Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle. Familiarity with the security architecture of one or more of the following public cloud providers: AWS, Azure, Google Cloud Platform, OCI. Able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to solve complex technical controls problems in our product suite. Ability to think like an attacker in order to identify security gaps.

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law. This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.