Senior Cloud Security Engineer

Contrast Security named to Inc.'s "Best Workplaces of 2020"

Contrast Security is the world's leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. At Contrast, you will find an environment where innovation and success come from creative collaboration. For those who meet these standards, there is no better place to work than Contrast Security.

About the Position

Our Security team is hyper-focused on continuous vulnerability and threat research affecting the world's software ecosystem. The ideal candidate will be responsible for maintaining the fidelity and security of our cloud computing environments. The Cloud and Application Security Engineer is responsible for supporting and contributing to Contrast's growing and enhancing security efforts. As a key member of the Security team, you are part of a team responsible for ensuring the security of all Contrast assets and you are deeply hands-on with our cloud-based infrastructure, Linux systems, automation, monitoring and systems telemetry. Ideal candidates have a background or immense interest in working with: Ansible, AWS, Tomcat/Java, RabbitMQ, Kafka, MySQL, CloudFormation, Terraform, Kubernetes, Serverless, and Restful API development. This position is US-based but can work from home on a permanent basis if not located near our offices in Los Altos, CA or Baltimore, MD.

Responsibilities

• Research, design, develop, and support of reference cloud security architecture components
• Recommend and create innovative solutions that balance security standards with business requirements
• Develop applications, integrations, and automation to improve security operations and governance
• Define and evangelize cloud, serverless, and application security best practices
• Recommend, implement and administer cloud, serverless, and application security controls
• Perform Threat modeling in collaboration with product security, architecture, and development teams
• Identify and communicate and new and emerging security threatsInvestigate and analyze suspicious activity and security incidents as part of the incident response team
• Conduct basic and applied research on important and challenging problems in cloud and application security
• Development and presentation of content associated with the security research through conference speaking and/or blogging
• Provide tier-3 support for reported incidents and escalation of security findings reviewAbility to perform vulnerability and penetration testing assessments
• Analyze results from and interface with IDS systems

About You

• You have 2-4 years in application security with at least some of that focused in a Cloud Engineer role
• Strong knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc).
• Deep understanding of serverless architecture
• You love to code and deploy at scale
• You have a desire to make the Internet a safer place
• You had a passion for tools like Ansible and Cloudformation, but are moving on to tools like Terraform, Kubernetes and Helm
• You have strong communication skills
• You ask questions, let others know when you need help, and tell others what you need
• You're a problem solver
• Software background in Java or .NET (plus if you have experience with Python, NodeJS, Ruby and/or GoLang)
• Possess an understanding of the OWASP Top 10 and SANS/CWE Top 25Experience with ethical hacking and vulnerability management reporting
• Experience with threat modeling and attack forensics

If you're amazing but missing some of these, email us your résumé and cover letter anyway. Please include a link to your Github or BitBucket account, as well as any links to some of your projects if available.

What We Offer

• Competitive compensation
• Daily in-office team lunches (when offices are open)
• Meaningful stock plans
• Medical, dental, and vision benefits
• Flexible paid time off

We are changing the world of software security. Do it with us.

We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it.

Solve the impossible. Easy = boring.

If you're looking for a fun work environment and like a challenge, you'll love Contrast Security. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations. By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and/or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. Please note, all fields with an '*' indicator are required and will be the previously stated information used for processing your application. If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast's Privacy Statement reflects our policies around compliance with the General Data Protection Regulation ("GDPR") and your rights respective to GDPR. If you are a California resident, you are entitled to certain rights under CCPA: The California Consumer Privacy Act of 2018 ("CCPA") will go into effect on January 1, 2020. Under CCPA, businesses must be overtly transparent about the personal information they collect, use, and store on California residents. CCPA also gives employees, applicants, independent contractors, emergency contacts and dependents ("CA Employee") new rights to privacy.