Security Operations Engineer at InfraCloud Technologies

Posted on: 08/24/2021

Location: (REMOTE)

Crunchbase | Original Source

Tags: haproxy gcp ruby datadog mesos php nginx azure kubernetes python jenkins aws docker terraform

**Responsibilities:** • Keeping up with the state of the art in application security, operational security, and DevSecOps, helping developers build software securely throughout the complete software development lifecycle. • Enhance the security posture of our platforms and applications, securing production and pre-production services running on Kubernetes. • Evangelize intelligent security solutions and mitigations that categorically solve classes of vulnerabilities by addressing their root causes. • Continue to learn new technology and business processes and apply an offensive (“red team”) security mindset to them to discover vulnerabilities and drive improvements. • Hunt for and identify threats and vulnerabilities which impact our software and infrastructure. • Continuously improve the systems and algorithms we use to identify potential indicators of compromise. • Apply common information security frameworks and standards utilized in the industry to understand requirements and best practices as they apply to software. • Leading independent third-party vendors through security assessments, such as penetration testing, social engineering, and compliance. • Implement and maintain our security tooling. **Requirements:** • Experience securing virtualized workloads, containerized services, and platforms like Kubernetes at scale in production on public clouds, preferably with both Linux and Windows workloads. • Experience securing AWS, (or e.g., Azure, GCP) cloud infrastructure and security-focused services such as AWS KMS, Cloud HSM, Encryption SDK, IAM, and STS. • Development and administration experience on Linux environments with distributions like Debian and Ubuntu. • Broad, adaptable programming experience across modern languages like Java/Python/PHP/Ruby/Go/Groovy/C/C++. • Deep understanding of web technologies such as HTTP, TLS, REST, and services such as Nginx and HAProxy. • Experience with tooling and systems for build, infrastructure automation, and monitoring, such as Docker, Jenkins, Terraform, Datadog, JFrog, and Sumologic. • Good knowledge of security principles at all layers of the OSI stack. • Blue and/or red team experience is highly valued. **Desired Skills:** • You have experience implementing security controls or have helped achieve security certifications for business: ISO, SOCII, GDPR, etc. • You are self-driven, proactive, and inquisitive, and pride yourself on identifying pragmatic solutions to complex technical and security process challenges. • You have strong technical knowledge and the ability to apply that knowledge to prevent, detect, and contain security events. • You have an ability to not only use security tools, but to implement them in diverse and heterogeneous environments, such as those containing a mix of workloads across discrete VMs, orchestration tools like Kubernetes or Mesos, and on-premise or cloud-native infrastructure. • You have good verbal and written communication skills • You have a strong orientation towards delivering results incrementally. **Qualifications:** • Experience: Minimum 6 years of combined experience within at least two of the three disciplines: data security, application security, and/or cloud infrastructure security/engineering • Education: BS/MS in Computer Science or equivalent experience.