Security Engineer

The Campaign Registry (TCR) is a centralized platform designed to register businesses and their text messaging campaigns, ensuring compliance with industry regulations and best practices. By providing a robust framework for businesses to authenticate their messaging traffic, TCR plays a critical role in maintaining the integrity of the messaging ecosystem. The system aim is to help reduce spam, boosts trust between businesses and consumers, improves message deliverability, and allows for higher sending volumes without compromising on security. TCR’s transparent and accountable approach to business communications fosters a more reliable and secure environment for text-based interactions.We are seeking a proactive and detail-driven Security Engineer with a strong foundation in Java development to join our Information Security team. This role combines hands-on security operations with secure development practices to ensure the confidentiality, integrity, and availability of our systems and applications. You’ll play a key role in maintaining compliance, responding to security threats, and supporting secure application lifecycles.- Conduct quarterly security and compliance reviews across systems and processes.- Manage and support external and internal audits, including evidence gathering and documentation.- Respond to InfoSec questionnaires and security due diligence inquiries from clients and partners.- Oversee ISO policy documentation and compliance control management, including through platforms like Vanta.- Conduct security design reviews and secure code reviews, with a focus on Java-based applications.- Analyze results from static code analysis and security scanning to ensure secure releases.- Monitor and respond to AWS GuardDuty alerts and other security incident indicators.- Stay current on the latest threats and coordinate security advisories and updates to InfoSec teams.- Manage security tools, tune email security platforms such as Proofpoint, and renew digital certificates.- Oversee IT device and account management, enforcing identity and access policies.- Monitor for and resolve vulnerabilities in both infrastructure and application layers.- Provide guidance and review of Java application security, secure coding practices, and vulnerability remediation.- Contribute to DevSecOps practices by integrating security throughout the software development lifecycle.- Maintain documentation and perform policy updates related to ISO 27001, SOC 2, and other frameworks.- Complete various additional security, IT, and compliance tasks as needed.

Requirements

- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field—or equivalent experience- 3+ years in a security engineering or cybersecurity role, with proven experience in Java development- Deep understanding of application security principles, especially in Java-based environments- Proficiency in secure coding practices and familiarity with OWASP Top 10- Experience with code analysis tools, such as SonarQube, Fortify, or similar- Hands-on experience with security monitoring and vulnerability management tools- Familiarity with security frameworks like ISO 27001, NIST, SOC 2- Excellent problem-solving skills and strong communication abilities

Preferred Qualifications

- Certifications such as OSCP, CSSLP, or CEH- Experience with DevSecOps, CI/CD security integration, or threat modeling- Background in cloud security (e.g., AWS security best practices)- Experience working with platforms like Vanta, Proofpoint, and GuardDuty