Security Operations Engineer:
Responsibilities:
• Keep up with the state of the art in application security, operational security, and DevSecOps, helping developers build software securely throughout the complete software development lifecycle.
• Enhance the security posture of our platforms and applications, securing production and pre-production services running on Kubernetes.
• Evangelize intelligent security solutions and mitigations that categorically solve classes of vulnerabilities by addressing their root causes.
• Continue to learn new technology and business processes and apply an offensive (“red team”) security mindset to them to discover vulnerabilities and drive improvements.
• Hunt for and identify threats and vulnerabilities which impact our software and infrastructure.
• Continuously improve the systems and algorithms we use to identify potential indicators of compromise.
• Apply common information security frameworks and standards utilized in the industry to understand requirements and best practices as they apply to software.
• Lead independent third-party vendors through security assessments, such as penetration testing, social engineering, and compliance.
• Implement and maintain our security tooling.
Requirements:
• Experience securing virtualized workloads, containerized services, and platforms like Kubernetes at scale in production on public clouds, preferably with both Linux and Windows workloads.
• Experience securing AWS (or, e.g., Azure, GCP) cloud infrastructure and security-focused services such as AWS KMS, CloudHSM, Encryption SDK, IAM, and STS.
• Development and administration experience on Linux environments with distributions like Debian and Ubuntu.
• Broad, adaptable programming experience across modern languages like Java/Python/PHP/Ruby/Go/Groovy/C/C++.
• Deep understanding of web technologies such as HTTP, TLS, REST, and services such as Nginx and HAProxy.
• Experience with tooling and systems for build, infrastructure automation, and monitoring, such as Docker, Jenkins, Terraform, Datadog, JFrog, and Sumologic.
• Good knowledge of security principles at all layers of the OSI stack.
• Blue and/or red team experience is highly valued.
Desired Skills:
• You have experience implementing security controls or have helped achieve security certifications for a business: ISO, SOC 2, GDPR, etc.
• You are self-driven, proactive, and inquisitive, and pride yourself on identifying pragmatic solutions to complex technical and security process challenges.
• You have strong technical knowledge and the ability to apply that knowledge to prevent, detect, and contain security events.
• You have an ability to not only use security tools, but to implement them in diverse and heterogeneous environments, such as those containing a mix of workloads across discrete VMs, orchestration tools like Kubernetes or Mesos, and on-premise or cloud-native infrastructure.
• You have good verbal and written communication skills.
• You have a strong orientation towards delivering results incrementally.