What we do
- We write software to monitor and correct our security posture in AWS and GCP
- We work with other engineering teams to secure their infrastructure
- We evangelize and reward good security behavior and hygiene throughout the company
- We’re proud of the code we write, and believe we can build automation to enable our engineers to be secure and remain productive.
Responsibilities
- Work directly with the senior leadership team to set strategy and priorities on security monitoring, incident response and vulnerability management
- Regularly report on the effectiveness of your program and make adjustments when things aren’t working as planned
- Help create and execute a detailed SIRT roadmap, which maps to our overall security roadmap: what we are monitoring and why; how we consistently and reliably respond to events and incidents; how we are quickly uncovering meaningful vulnerabilities; how we improve our SIRT processes year over year
- Hunt for threats in the environment with the team, and prepare for attack scenarios with the teams
- Keep incident documentation and runbooks updated; they cover the full incident lifecycle and are reliably executed by you and the team
- Work with other engineering teams to ensure systems are well-prepared for incident-response activities (with proper logging, red-team exercises, etc.)
- As needed, lead security incidents as the Incident Commander: take over the communications, direct the work, investigate where it makes sense, and then lead post-mortems and assign and work on betterments
- Continue building SIRT, alongside other engineers; help recruit new team members; mentor junior team members for success
Requirements
- You have 5+ years of engineering experience in a cloud-production environment and you have working knowledge of service-oriented architectures and software development, as well as experience with different logging tools fit for a cloud environment
- You’ve previously held a senior SIRT role in a professional environment and you’re capable of being a security subject matter expert on internal security issues
- You are excited to work across the stack on a variety of different security challenges and initiatives
- You are very comfortable in AWS/containerized environments.
- You are comfortable with Golang.
A little more about our team
We help organize the OWASP SF chapter and the AppSec California, B-Sides SF, and Day of Shecurity conferences.