39 day(s) ago

Cloud Security Engineer

Negotiable Salary


Worldwide
English: Advanced, Upper Intermediate, Native Speaker
Experience: 3+ years
Employment: Full-time

NS8

Our end-to-end protection platform combines advanced data analytics with real-time scoring to outsmart threats and approve more orders so you can focus on growing your business without the fear of fraud.

Responsibilities

Implement SAST/DAST/IAST/RAST, IDS/ADS, SIEM/SOAR and other DevSecOps systems, both vendor and open-source, that deploy and run in Kubernetes clusters and in Concourse CI/CD

Write Policy-as-Code that ensure various systems are compliant, encrypted, and follow least privilege and zero trust models

Harden networks, containers, orchestrators, and cloud infrastructure more broadly.

Proactively assess vulnerabilities, model threats, and write automated penetration tests

Respond to and forensically analyze security incidents in a production environment, ensuring all compliance requirements and guidelines are followed

Code review with an eye for correctness, standards-compliance, security holes, new attack vectors, increased attack surface, etc

Requirements

Threat modeling and penetration testing experience

IDS/ADS, SIEM/SOAR, and forensics experience. We use or are looking to implement tools like Sysdig Falco as well as vendors like Aqua Security, Twistlock/Prisma, StackRox, and/or Splunk.

Experience responding to security incidents and following required reporting and resolution protocols

Compliance experience, e.g. NIST, SOC-2, SOX, PCI, etc.

Experience with vulnerability assessments, implementing SAST/DAST/IAST/RAST, and integrating security tooling into CI/CD pipelines. We are using or looking to implement tools like Anchore, Clair, Trufflehog, etc. Cloud. We are migrating to Concourse from CircleCI and some AWS CodeBuild.

Policy-as-Code experience. We are using or looking to implement tools like Open Policy Agent (OPA), cloud-custodian, terraform-compliance, etc.

Experience encrypting, hardening, segmenting networks. We are using or looking to implement tools like VPC, Security Groups, WAF, Kubernetes L4 & L7 NetworkPolicy, Istio AuthzPolicy, Istio mTLS, and Cilium encrypted networking.

Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go, Shell, etc.

Skills considered as a good plus

Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.

Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.

Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.

Experience implementing and influencing a DevSecOps workflow for other teams

Experience working in an Agile/Kanban environment with GitFlow style development on a Remote / distributed team.

Experience with any of the DevSecOps Team’s other focuses: Infrastructure (linkme) and/or Test/QA (linkme)

Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.

Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.

Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.

Experience implementing and influencing a DevSecOps workflow for other teams

Experience working in an Agile/Kanban environment with GitFlow style development on a Remote / distributed team.

Experience with any of the DevSecOps Team’s other focuses: Infrastructure (linkme) and/or Test/QA (linkme)

Similar Jobs