Sr. Staff Security Engineer

Job Description

As a Senior Staff Security Engineer, you would be expected to be passionate about security and have demonstrated skills in applying security to both applications/code and to cloud infrastructure. The successful candidate would make significant contributions not only to the Qubole Services and Platform but help mold engineers and operations personnel on the best practices of Security throughout the entire lifecycle of design, coding, deployment and operations across a large big data platform that serves thousands of customers and tens of thousands of users every single day. The Qubole platform operates in multiple languages including Ruby, Java, JavaScript, Python and across multiple cloud platforms including AWS, Google Cloud, and Microsoft Azure. What you will be doing

• Identify and exploit vulnerabilities in open source, and custom software applications; infrastructure, code; and processes running across cloud applications operating in multiple clouds
• Never stop learning the latest and most advanced security testing techniques, development tools, and frameworks
• Design and implement security related application features
• Help find security issues in feature requirements, technical designs, and implementations and understanding (or want to learn) security testing (e.g. fuzzing)
• Work within the team to design, develop, deploy and operate security technologies and solve challenges around events, alerts, monitoring, intrusion detection, vulnerability detection and tracking, file integrity monitoring and other similar technologies and challenges at cloud scale
• Working directly with engineers to mold them on security best practices and understanding how to defensibly build code that scales in a secure way.
• Find the best ways to monitor and automate the security on/in multiple production environments to achieve available, reliable, stable, consistency and most importantly secure services that we offer to our customers
• Find the best ways to identify security risks and incidents and suggest improvements and create automation as needed to detect and mitigate those risks
• Be able to analyze problems, and engineer solutions that are reproducible and capable of being handed off to other teams

Responsibilities Skills Required

• Experience with Amazon AWS/Microsoft Azure services as an IaaS/PaaS containers (Dockers/Kubernetes)
• Experience with static code analysis techniques, such as Fortify or CheckMarx, or open- source equivalents; threat analysis or modelling helpful
• Experience understanding security aspects of pentest assessment and mapping security findings into software engineering bugs fixes or enhancement requests
• Strong understanding of security models surrounding encryption, authentication, authorization and access controls, and related open- source technologies
• Experience and understanding of engineering processes, especially SDLC
• Highly Technical. You have Java/Ruby/Python experience and understand how things work and you write code
• Identify improvements to and as needed write scripts to automate security technologies to improve our ability to implement in cloud- based infrastructure (new environments, redeployments, updates, and upgrades). Ideally using Python or Ruby as these are frequently used throughout our organization
• Research, document and solve complex security problems. These could include developing an encryption key management (PKI using reputable public sources), testing and deploying DLP, Creating API automation, etc
• Strong technical skills and the ability to learn and continue to maintain cutting edge skills and knowledge on a variety of technical areas (Unix/Linux, Cloud Services, Application Security, etc

Desired Qualification

• Bachelors degree in Information Technology, Computer Science, or related field with 10 years of relevant industry experience
• Any of the following OSCP, OSWP, OSCE, GPEN, GWAPT, GXPN certifications (current)
• Effective communication; in both written and oral communication. Be able to break down complex topics and be able to educate others on security concepts
• Ability to collaborate effectively with others and the ability to multitask and work on multiple projects concurrently
• Demonstrate high energy and a sense of urgency and work within potentially compressed time frames
• Strong analytical and logistical skills with equally strong attention to details
• Experience developing best practices and written documentation for all existing security implementations and technology.

,

Keyskills :
indoor air qualitycustomer relationspenetration testingcustom softwarethreat analysisdevelopment toolsidsopen sourcekey managementcloud applicationstechnical skillsnetworkingbig datasecurity testingapplication securityfirewallintrusion det