** This role can be 100% remote OR based in our SF, NJ, or Arizona offices **
The RealReal information security team is looking for an Enterprise &Cloud Security Engineer to be part of a growing team and assist in the build out of key cyber automation capabilities. This role encompasses the implementation and subsequent maturing of platform, identity and network security for The RealReals Global Information Security program. This is a challenging and rewarding opportunity for an individual who is looking for an opportunity in the arena of Enterprise &Cloud security and wishes to grow within the organization and the thriving retail industry.
What You Get To Do Every Day
- Evaluate and integrate external SDK’s and API's based on solution requirements
- and Scrum Frameworks
- Design and maintain The RealReal Enterprise security infrastructure
- Perform platform security tasks such as vulnerability management through Qualys or Tenable, configure and maintain EDR solutions for both on-prem and public cloud (AWS/GCP) assets
- Maintain and configure web application firewalls and botnet mitigation solutions
- Enforce best practices in terms of cybersecurity configurations and design for on-prem stores and POS devices
- Examine output from security tools and report on findings
- Work with cyber analysts and security engineers to develop threat models, detections, incident response playbooks, and maintain tooling to enrich security intelligence
What You Bring To The Role
- 3+ years experience working in a security role
- Ability to work cross functionally between technical and business teams, evangelizing security best practices, policy, and procedure
- Effective communication skills
- Demonstrated knowledge of enterprise-scale security technologies which may include SIEM, vulnerability management, incident response, HIDS/NIDS, PKI, user behavior analytics, SSO, IAM, Privileged Access Management
- Experience building and maintaining enterprise logging pipelines
- Demonstrated proficiency with scripting (Bash, Python, Go, etc.)
- Experience with developing infrastructure as code (Terraform, Cloudformation)
- Deep hands on security experience with cloud providers such as AWS, GCP, and other cloud providers and their respective security tools.
- Experience with EDR (Endpoint Detection and Response) tools e.g. Crowdstrike, Carbon Black etc
- Familiarity with development processes and environment tools such as Git, Jira, Confluence
- OSxx Suite of Certifications
- Pentesting experience
- Hands on experience with Container Technology (Docker, EKS, GKE, Kubernetes, Openshift, ) •Experience with SOAR, CASB, DLP technologies