Tech Stack
AWS, Cloud, Distributed Systems, JavaScript, Kubernetes, Microservices, Open Source, TypeScript
About the role
- Report into the engineering organization as a Product Security Engineer responsible for identifying and mitigating security risks across all Cribl products (cloud and on-premises)
- Partner with EMEA Engineering teams to build secure software and systems
- Perform application security assessments including AWS architecture review, threat modeling, secure code review, and security consulting
- Assist and enable product teams to follow secure development practices and empower them to own security within their product area
- Consult with development and operations teams to provide guidance and recommend secure design patterns
- Perform security assessments on new and existing products and services to identify security risks and establish baseline security requirements
- Evaluate results from Cribl’s Cloud Security Posture Management (CSPM), perform root cause analysis on AWS misconfigurations, and educate engineering teams on secure AWS patterns
- Establish, improve, and drive security patterns and processes across Engineering to improve security and resiliency of software and systems architecture
- Work directly with development and operations teams to embed secure development practices into every product
Requirements
- Strong AWS security experience
- Experience in software development or product security engineering, with additional full-time product or information security experience
- Proven experience performing security design reviews for complex applications, including distributed systems, APIs, and services deployed to cloud, on-premises, and hybrid environments
- Expert knowledge and implementation experience across information security disciplines, including web application, network, and operating systems security
- Fluency with the OWASP Top 10, ASVS, and other common vulnerabilities and exploit techniques, and ability to define appropriate countermeasures
- Solid understanding of common application and network protocols, cryptographic technologies, and authentication and authorization protocols
- Knowledge of compliance requirements for industry-standard certifications like PCI, SOC2, ISO 27001, FedRAMP
- Direct experience supporting cloud operational models, including SaaS security architecture, microservices, containers, and/or Kubernetes
- Contributions to the security community: research papers, public CVEs, conference talks, open source, etc.
- Extensive automation and development experience in programming languages such as C++ and JavaScript/TypeScript
- Familiarity with “big data” and distributed systems technology
- OSCP or related security credentials
- BA/BS in computer science, a related discipline, or equivalent work experience
- Ability to communicate with engineering teams with authority, credibility, and empathy
- Experience performing application security assessments including AWS architecture review, threat modeling, secure code review, and general security consulting