About Mandolin

The Role

What you’ll do

• Integrate security into the Software Development Lifecycle (SDLC) and CI/CD pipelines
• Conduct application security reviews, threat modeling, vulnerability assessments, and support secure code review practices
• Identify and remediate vulnerabilities related to the OWASP Top 10, APIs, authentication/authorization, secrets management, and software dependencies
• Design and implement security controls across cloud and infrastructure environments including AWS, Azure, or GCP
• Secure cloud-native platforms, containers, Kubernetes environments, CI/CD systems, and Infrastructure-as-Code (IaC) deployments
• Monitor and improve logging, alerting, vulnerability management, endpoint protection, and incident response capabilities
• Collaborate with Platform Engineering and DevOps teams to improve infrastructure hardening and operational security practices
• Support security compliance initiatives including SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, and NIST-based programs
• Assist with risk assessments, audit readiness, evidence collection, policy development, vendor security reviews, and remediation tracking
• Help drive security awareness, promote secure engineering best practices, and contribute to long-term security strategy and maturity initiatives
• Research emerging threats, vulnerabilities, and security technologies to continuously improve organizational security posture

Must-have experience

• 4+ years of experience in Security Engineering, Application Security, Cloud Security, DevSecOps, or related cybersecurity roles
• Strong understanding of application security, infrastructure/cloud security, and security compliance concepts
• Experience securing modern web applications, APIs, cloud environments, and distributed systems
• Hands-on experience with cloud platforms such as AWS, Azure, or GCP
• Familiarity with CI/CD pipelines, container security, Kubernetes, and Infrastructure-as-Code security practices
• Experience with security tools such as SAST, DAST, SIEM, vulnerability scanners, CSPM, EDR/XDR, and IAM solutions
• Scripting or automation experience using Python, Bash, PowerShell, or similar languages
• Strong communication skills with the ability to collaborate across technical and non-technical teams

Nice-to-haves

• Experience in SaaS, fintech, healthcare, or other regulated environments
• Familiarity with Zero Trust architectures and modern identity/security frameworks
• Experience supporting compliance audits and governance initiatives
• Relevant certifications such as CISSP, Security+, CCSP, AWS Security Specialty, GSEC, OSCP, or similar

Compensation & Benefits