Submittable is seeking a Senior Cloud Security Engineer to bring our systems to the next level of security, availability, and durability. You’ll recommend and implement changes across our environments, evaluate new technologies, respond to production issues that arise, be challenged with complex problems to solve, and contribute to our technological direction.
The position is a full-time individual contributor role and reports to the Engineering Manager for Infrastructure.
The Senior Cloud Security Engineer responsibilities include:
- Provide leadership in the areas of Vulnerability Management, DAST (Dynamic Application Security Testing), Application Security, Information Security, Data Analysis of security monitoring outputs, coordination of remediation patching, working with Development Teams and other Security and Compliance efforts
- Support day-to-day security operations, security tool integration, and automation
- Assist in defining security requirements and review of system to determine if they have been designed to comply with established security standards
- Design, engineer, operationalize and maintain the secure systems which support continuous deployment/integration solutions with strong focus towards innovation
- Analyze software design documents from a security standpoint and perform threat assessment for the developed cloud-native platform
- Identify, integrate, monitor and improve security controls by understanding business processes
- Implement secure software development measures into CI/CD pipelines in collaboration with development teams
- Conduct regular Vulnerability Assessments and Penetration Tests
- Support External/Internal Audits and security assessment requests
- Help remediate the findings and implement improvement measures
- Scheduled maintenance activities to keep the infrastructure components robust with latest patches and updated versions of software running in the infrastructure stack
- Evaluate, select, implement and maintain security tools, infrastructure, and automation
- Advise teams on developing pragmatic solutions that achieve business requirements to maintain acceptable levels of risk
- Manage the security bug backlog with development teams
- Perform other job-related duties as requested
- Participate in the on-call rotation
- Attend post mortems and contribute to identifying root causes
- Troubleshoot complex issues
An ideal candidate will have these qualities and experience:
- Bachelor's degree in Information Security, computer science, business, or a related field, or equivalent in experience and expertise
- 5+ years of software engineering experience
- 2+ years in an information security or cloud security engineering role
- Experience working with DevOps, Engineering and Compliance teams in a dynamic and collaborative environment to promote and implement the SecDevOps program throughout the organization
- Experience with CI/CD and developing tools
- Must be able to work with technologies including: AWS, Azure, Git, GitHub Actions, Kubernetes, Docker, AWS CDK/SDK/API, CloudFormation, Terraform, Python, .NET, JavaScript, Bash, YAML, DAST
- Strong understanding of cloud networking (DNS, SSL, Virtual Networks, VPC, VPN, Routing, Peering, NATs, Firewalls)
- Experience with variety of operating systems and Cloud Data Platforms (AWS, Azure, GCP)
- Excellent analytical, interpersonal and English communication skills both oral and written
- Has a love of learning
- Proactive sense of urgency and 'can do' attitude
- Ability to convey and explain complex technical information to non-technical staff
- We are interested in every qualified candidate who is eligible to work in the United States. However, we currently do not sponsor H-1B visas
Submittable
