Staff/Principal Cloud Security Engineer - remote

Posted 3 years ago
Stack Overflow
Contrast Security named to Inc.'s “Best Workplaces of 2020” Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. About the Position Our Security team is hyper-focused on continuous vulnerability and threat research affecting the world's software ecosystem. The ideal candidate will be responsible for maintaining the fidelity and security of our cloud computing environments. The Staff/Princiapl Security Engineer is responsible for supporting and contributing to Contrast’s growing and enhancing security efforts. As a key member of the Security team, you are part of a team responsible for ensuring the security of all Contrast assets and you are deeply hands-on with our cloud-based infrastructure, Linux systems, automation, monitoring and systems telemetry. Ideal candidates have a background or immense interest in working with: Ansible, AWS, Tomcat/Java, RabbitMQ, Kafka, MySQL, CloudFormation, Terraform, Kubernetes, Serverless, and Restful API development. Traveling to an off-site event may be happen on an annual basis but this can be a fully remote position anywhere in the U.S.

Responsibilities

    • Research, design, develop, and support of reference cloud security architecture components
    • Recommend and create innovative solutions that balance security standards with business requirements
    • Develop applications, integrations, and automation to improve security operations and governance
    • Define and evangelize cloud, serverless, and application security best practices
    • Recommend, implement and administer cloud, serverless, and application security controls
    • Perform Threat modeling in collaboration with product security, architecture, and development teams
    • Identify and communicate and new and emerging security threatsInvestigate and analyze suspicious activity and security incidents as part of the incident response team
    • Conduct basic and applied research on important and challenging problems in cloud and application security
    • Development and presentation of content associated with the security research through conference speaking and/or blogging
    • Provide tier-3 support for reported incidents and escalation of security findings reviewAbility to perform vulnerability and penetration testing assessments
    • Analyze results from and interface with IDS systems

About You

    • You have at least 5 years in application security with at least some of that focused in a Cloud Engineer role
    • Strong knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc).
    • Deep understanding of serverless architecture
    • You love to code and deploy at scale
    • You have a desire to make the Internet a safer place
    • You had a passion for tools like Ansible and Cloudformation, but are moving on to tools like Terraform, Kubernetes and Helm
    • You have strong communication skills
    • You ask questions, let others know when you need help, and tell others what you need
    • You're a problem solver
    • Software background in Java or .NET (plus if you have experience with Python, NodeJS, Ruby and/or GoLang)
    • Possess an understanding of the OWASP Top 10 and SANS/CWE Top 25Experience with ethical hacking and vulnerability management reporting
    • Experience with threat modeling and attack forensics

What We Offer

    • Competitive Compensation
    • Medical, dental, and vision benefits
    • 401(k) plan
    • Flexible paid time off
We are changing the world of software security. Do it with us. We believe in what we do and are passionate about helping our customers secure their business. If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security.