Staff/Principal Cloud Security Engineer

Contrast Security named to Inc.'s "Best Workplaces of 2020"

Contrast Security is the world's leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. At Contrast, you will find an environment where innovation and success come from creative collaboration. For those who meet these standards, there is no better place to work than Contrast Security.

About the Position

Our Security team is hyper-focused on continuous vulnerability and threat research affecting the world's software ecosystem. The ideal candidate will be responsible for maintaining the fidelity and security of our cloud computing environments. The Cloud and Application Security Engineer is responsible for supporting and contributing to Contrast's growing and enhancing security efforts. As a key member of the Security team, you are part of a team responsible for ensuring the security of all Contrast assets and you are deeply hands-on with our cloud-based infrastructure, Linux systems, automation, monitoring and systems telemetry. Ideal candidates have a background or immense interest in working with: Ansible, AWS, Tomcat/Java, RabbitMQ, Kafka, MySQL, CloudFormation, Terraform, Kubernetes, Serverless, and Restful API development.

Traveling to an off-site event may be happen on an annual basis but this can be a fully remote position anywhere in the U.S.

Responsibilities

• Research, design, develop, and support of reference cloud security architecture components
• Recommend and create innovative solutions that balance security standards with business requirements
• Develop applications, integrations, and automation to improve security operations and governance
• Define and evangelize cloud, serverless, and application security best practices
• Recommend, implement and administer cloud, serverless, and application security controls
• Perform Threat modeling in collaboration with product security, architecture, and development teams
• Identify and communicate and new and emerging security threatsInvestigate and analyze suspicious activity and security incidents as part of the incident response team
• Conduct basic and applied research on important and challenging problems in cloud and application security
• Development and presentation of content associated with the security research through conference speaking and/or blogging
• Provide tier-3 support for reported incidents and escalation of security findings reviewAbility to perform vulnerability and penetration testing assessments
• Analyze results from and interface with IDS systems

About You

• You have at least 5 years in application security with at least some of that focused in a Cloud Engineer role
• Strong knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc).
• Deep understanding of serverless architecture
• You love to code and deploy at scale
• You have a desire to make the Internet a safer place
• You had a passion for tools like Ansible and Cloudformation, but are moving on to tools like Terraform, Kubernetes and Helm
• You have strong communication skills
• You ask questions, let others know when you need help, and tell others what you need
• You're a problem solver
• Software background in Java or .NET (plus if you have experience with Python, NodeJS, Ruby and/or GoLang)
• Possess an understanding of the OWASP Top 10 and SANS/CWE Top 25Experience with ethical hacking and vulnerability management reporting
• Experience with threat modeling and attack forensics

If you're amazing but missing some of these, email us your résumé and cover letter anyway. Please include a link to your Github or BitBucket account, as well as any links to some of your projects if available.

What We Offer:

• Competitive compensation
• Daily in-office team lunches (when offices are open)
• Meaningful stock plans
• Medical, dental, and vision benefits
• Flexible paid time off

We are changing the world of software security. Do it with us.

We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it.

Solve the impossible. Easy = boring.

If you're looking for a fun work environment and like a challenge, you'll love Contrast Security.

Contrast Security is committed to a diverse and inclusive workplace. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations.