Contrast Security named to Inc.'s “Best Workplaces of 2020” Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. At Contrast, you will find an environment where innovation and success come from creative collaboration. For those who meet these standards, there is no better place to work than Contrast Security. About the Position Our Security team is hyper-focused on continuous vulnerability and threat research affecting the world's software ecosystem. The ideal candidate will be responsible for maintaining the fidelity and security of our cloud computing environments. The Cloud and Application Security Engineer is responsible for supporting and contributing to Contrast’s growing and enhancing security efforts. As a key member of the Security team, you are part of a team responsible for ensuring the security of all Contrast assets and you are deeply hands-on with our cloud-based infrastructure, Linux systems, automation, monitoring and systems telemetry. Ideal candidates have a background or immense interest in working with: Ansible, AWS, Tomcat/Java, RabbitMQ, Kafka, MySQL, CloudFormation, Terraform, Kubernetes and Restful API development. This is a US-based position but it can work from home on a permanent basis if not located near one of our offices in CA or MD.
Responsibilities
- Research, design, develop, and support of reference cloud security architecture components
- Recommend and create innovative solutions that balance security standards with business requirements
- Develop applications, integrations, and automation to improve security operations and governance
- Define and evangelize cloud and application security best practices
- Recommend, implement and administer cloud and application security controls
- Perform Threat modeling in collaboration with product security, architecture, and development teams
- Identify and communicate and new and emerging security threats
- Investigate and analyze suspicious activity and security incidents as part of the incident response team
- Conduct basic and applied research on important and challenging problems in cloud and application security
- Development and presentation of content associated with the security research through conference speaking and/or blogging
- Provide tier-3 support for reported incidents and escalation of security findings review
- Ability to perform vulnerability and penetration testing assessments
About You
- You have 1-3 years in application security with at least some of that focused in a Cloud Engineer role
- Strong knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc)
- You love to code and deploy at scale
- You have a desire to make the Internet a safer place
- You had a passion for tools like Ansible and Cloudformation, but are moving on to tools like Terraform, Kubernetes and Helm
- You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.
- You're a problem solver
- Software background in Java or .NET (plus if you have experience with Python, NodeJS, Ruby and/or GoLang)
- Understanding of the OWASP Top 10 and SANS/CWE Top 25
- Experience with ethical hacking and vulnerability management reporting
- Experience with threat modeling and attack forensics
- Competitive compensation
- Daily in-office team lunches (when offices are open)
- Meaningful stock plans
- Medical, dental, and vision benefits
- Flexible paid time off