[Wattpad] Senior Security Engineer
Job Description
As a Sr. Security Engineer, you’ll be working closely with the Engineering, Data, and Product teams to embed security into the evolution of our systems. You will play a pivotal role in protecting our organization's data, systems, and networks while ensuring our engineering velocity remains high.
As a senior member of the Security Team, you will work to drive the security vision for the department and will be responsible for influencing thinking across multiple teams to improve how we build secure software in general.
Wattpad runs on a large distributed system that handles tens of thousands of requests every second. You’ll be securing our AWS cloud infrastructure and helping us mature our application security program. Our security stack relies on AWS Security Hub, GuardDuty, and WAF for infrastructure protection, while leveraging Datadog and Splunk for observability and threat detection. We are heavily invested in infrastructure-as-code using Terraform and are looking to automate security workflows using Python and GitHub Actions.
What You'll Do:
Designing, implementing, and monitoring security controls in our AWS cloud infrastructure to balance protection with scalability.
Influencing the technical direction of the Engineering & Data department by introducing secure development practices and threat modeling.
Acting as a force multiplier by building security automation workflows and "guardrails" that allow teams to ship code safely and quickly.
Directly solving complex security challenges, including incident response, root cause analysis, and remediation of vulnerabilities.
Assisting teams in implementing access management and compliance controls, compliance (SOC 2/ISO 27001), and risk governance.
Building and maturing our application security program, partnering with engineering teams to triage findings from our Vulnerability Disclosure Program.
Collaborating with engineers on implementing security best practices to help raise the security bar across the organization.
Required Qualifications:
5+ years of work experience in SecOps, Cloud Security, DevSecOps, or similar security-focused role
AWS security expertise: Hands-on experience with Security Hub, GuardDuty, Inspector, AWS WAF, and IAM policy management
SIEM experience highly desirable: Datadog, Splunk, or similar platforms (query development, alert tuning, incident investigation)
Proficiency with infrastructure-as-code security: Terraform, CloudFormation, or similar
Experience with containers and Kubernetes (EKS preferred) including security hardening
Strong scripting and automation skills: Python, Bash, PowerShell
Experience securing CI/CD pipelines (GitHub Actions strongly preferred)
Familiarity with MITRE ATT&CK and D3FEND frameworks
Understanding of enterprise and cloud network security architecture and controls
SOC 2 and/or ISO 27001 compliance experience
Self-starter comfortable with ambiguity - ability to define and execute on loosely-scoped problems
Balanced communication style - proactive collaborator when needed, deep-focus engineer when required
Excellent written and verbal communication skills for cross-functional collaboration
Preferred Qualifications:
Experience building application security programs from early stages
Hands-on experience with Data Loss Prevention (DLP) solutions
Familiarity with HackerOne, Bugcrowd, or similar bug bounty/VDP platforms
Experience implementing threat modeling practices (STRIDE, PASTA, or similar)
Just-In-Time (JIT) access implementation experience
Experience with security orchestration and automation (SOAR)
Cloud security certifications: AWS Security Specialty, CCSP, CCSK
Offensive security background: OSCP, GPEN, CEH or practical CTF/red team experience
Contributions to security open-source projects or published security research
Experience debugging complex systems across different layers of the stack