Security Engineer at AtScale

Development, Software Development, Technology
Remote
November 17, 2022
Full Time
Urgent
Apply Now

Job Description

$120k – $200k • 0.0% – 1.0%

Company Overview

You will help design, develop, and lead cross-functional efforts to secure both our infrastructure and application services. You will support documentation for compliance and contribute to procedures for system reliability and incident response. Management is optional but mentorship is key.

Job Description

As a core contributor to the DevOps team, you will help design and develop sophisticated infrastructure and tooling that is integral to the development of application services. You will be key in helping us leverage cutting edge technologies not only for our own infrastructure but also in the design of our product offerings. Management is optional but mentorship is key.

Responsibilities

  • Design, document, and execute a security and compliance program for infrastructure and apps
  • Deploy, configure, and monitor security tools from endpoint solutions to code testing with CI/CD
  • Conduct regular security assessments of our apps and architecture through penetration tests, vulnerability scans, threat modeling, and manual inspection
  • Monitor security, drive response to vulnerabilities, and coordinate with incident responders
  • Advise developers on resolving security findings to drive security compliance
  • Participate in SOC2, regulatory, and other compliance audits.

Requirements

  • BA/BS preferred in a technical or engineering field
  • 3+ years experience
  • Familiarity with security considerations such as isolating environments using network configurations, RBAC, security groups, bastion hosts or amazon workspaces, firewall setups
  • Experience securing AWS infrastructure using tools like Audit Manager, Inspector, CloudTrail, Security Hub, GuardDuty, CloudWatch, CloudTrail, WAF, Shield, Secrets Manager, Cognito, KMS, and IAM for regulations such as SOX, GDPR, PCI
  • Experience with code scanning procedures such as SCA, SAST, DAST, and related frameworks/tools such as OWASP, veracode or blackduck.
  • Experience with vulnerability analysis, pen testing, and patch prioritization
  • Effective understanding of security best practices such as least privilege, RBAC, protocols, authentication, authorization, endpoint security, network security, logging, and observability

Preference will be given to candidates with

  • Experience using pen testing tools (Kali Linux, BurpSuite, nmap, metasploit, etc.)
  • Experience with security policies for Terraform (IaC) controlling production infrastructure
  • Experience training developers in various aspects of security to include secure coding, security requirements, static/dynamic security tools, etc.

Related Jobs