CITADEL · Security & Compliance

Senior Security Engineer (CITADEL)

Senior security engineer for CITADEL. AppSec, pen testing, secure SDLC, and continuous compliance evidence (SOC 2 / ISO 27001 / HIPAA / PCI-DSS) for enterprise clients.

Level: G7 – G8
Locations: Dallas · Doha · Lahore
Type: Full-time
Posted: April 1, 2026

About the role

CITADEL operates security as engineering, not as audit-time scrambling. We co-pilot every regulated engagement from kickoff: SAST / SCA / DAST in CI, threat modeling on new services, continuous evidence collection, and the audit-defensible operating discipline regulated industries require.

You'll lead AppSec programs, run penetration tests, build secure-SDLC discipline into customer engineering organizations, and produce the evidence pipelines that make SOC 2 / ISO 27001 / HIPAA audits a one-day pull rather than a six-week scramble.

What you’ll do

Lead AppSec programs: SAST / SCA / DAST integration, threat modeling, security review on architecture
Run internal penetration tests; coordinate with external pen-test firms; manage findings to closure
Build SOC 2, ISO 27001, HIPAA, PCI-DSS evidence pipelines for client engagements
Co-pilot regulated engagements alongside CORTEX, FORGE, NEXUS practice teams from kickoff
Author CITADEL playbooks and contribute to internal security-tooling library

What we look for

7+ years of security engineering, with 3+ years in AppSec / SecOps at enterprise scale
Production experience with SOC 2 / ISO 27001 evidence pipelines and audit support
Strong AppSec discipline: threat modeling, secure code review, OWASP / CWE familiarity
Hands-on penetration testing experience (web, API, mobile, cloud) with tools like Burp / Metasploit
Comfortable producing audit-grade documentation and supporting QSA / auditor interactions

Nice to have

OSCP / OSCE / CISSP or equivalent
HIPAA, PCI-DSS Level 1, FedRAMP, or NERC CIP program experience
Open-source contributions in security-tooling ecosystem (Semgrep / CodeQL rules, Slither detectors)

Apply

Ready for Senior Security Engineer (CITADEL)?

Email [email protected] with your resume and a problem you’d want to ship. RIVERBED responds within 5 business days.

Apply for this role

About the role

What you’ll do

Lead AppSec programs: SAST / SCA / DAST integration, threat modeling, security review on architecture

Run internal penetration tests; coordinate with external pen-test firms; manage findings to closure

Build SOC 2, ISO 27001, HIPAA, PCI-DSS evidence pipelines for client engagements

Co-pilot regulated engagements alongside CORTEX, FORGE, NEXUS practice teams from kickoff

Author CITADEL playbooks and contribute to internal security-tooling library

What we look for

7+ years of security engineering, with 3+ years in AppSec / SecOps at enterprise scale

Production experience with SOC 2 / ISO 27001 evidence pipelines and audit support

Strong AppSec discipline: threat modeling, secure code review, OWASP / CWE familiarity

Hands-on penetration testing experience (web, API, mobile, cloud) with tools like Burp / Metasploit

Comfortable producing audit-grade documentation and supporting QSA / auditor interactions