Skip To Main Content
backBack to Search

Lead Security Engineer (Cryptography and Threat Modeling)

Hybrid in Republic of Lithuania, Latvia
Security.Engineering& 4 others
hot
Looking for something else?

Find a vacancy that works for you. Send us your CV to receive a personalized offer.

Find me a job

The primary focus of this engagement is to drive the creation of a cryptographic inventory across all products, with particular attention to FIPS 140-3 compliance. This includes identifying relevant issues, assessing findings, developing mitigation plans, and supporting audit readiness.

In addition, you will work closely with both the Security Team and product engineering teams to facilitate application threat modeling workshops and produce high-quality threat modeling reports.

Deliverables

  • A complete crypto inventory for relevant products, including reports related to FIPS 140-3 compliance
  • Mitigation plans and progress tracking for FIPS 140-3 cryptographic findings and issues, in collaboration with engineering teams
  • Facilitated threat modeling workshops and corresponding reports
  • Handover documentation and effective knowledge transfer to the Security Team
Responsibilities
  • Drive the creation of a crypto inventory across Signavio products, for example, using IBM QSE and agentic validation
  • Review findings and issues related to FIPS 140-3, and define, coordinate, and track mitigation plans together with engineering teams
  • Support threat modeling activities for cloud applications by facilitating workshops and producing clear, actionable reports
  • Contribute to broader Secure Development and Operations Lifecycle (SDOL) activities within the team, as needed
Requirements
  • 5+ years of experience in software security -you have implemented security initiatives end-to-end, not only provided advisory support
  • Ability to work independently, take ownership, and drive topics to completion with minimal supervision
  • Strong documentation, communication, and stakeholder management skills
  • English proficiency at B2 level or higher
Nice to have
  • Familiarity with IBM QSE
  • Experience in cryptography
  • Hands-on experience with agentic AI
  • Experience using Jira for task and project tracking
  • Prior exposure to security requirements in highly regulated environments, such as FedRAMP