Security Automation Engineer / DevOps

Reference: VAC-37
Sector(s): Information Technology
Salary: Salary negotiable
Town/City: San Francisco
Contract Type: Contract

Position: Security Automation Engineer
Location: San Francisco, CA
Duration: Contract, Contract to Hire

Responsibilities:
•Be passionate about automation and avoiding doing things manually.
•Work closely with quality engineering, product management and other team members to develop, test and deploy high quality software securely
•Resolve complex technical issues and drive innovations that improve system availability, resilience and performance
•Create, maintain and share technical documentation used by engineers and other team members
•Provide security guidance and oversight to engineering and operational teams by participating in design reviews and threat modeling
•Develop secure coding practices and provide hands-on training for systems and network focused development teams
•Develop hardening guidelines and review security configurations related to Linux/Unix hosts, common application frameworks and network devices
•Provide security guidance and architectural review for logical datacenter designs•Research new security technologies and perform cutting-edge research on new attacks
•Understanding and strongly advocating core security premises, while being pragmatic in balancing security requirements with changing business needs
•Building robust security strategy through analysis, consensus building, and ultimately ambition to really make the case for a fundamentally security foundation of the Thunder IoT Platform

Qualifications:
•BS or MS in Computer Science or equivalent experience
•6+ years work experience in an DevOps or similar security role
•Strong knowledge of public cloud security hardening
•Experience in securing configuration management technologies such as Chef, Puppet or Ansible
•Deep understanding of fundamental technologies like DNS, Load Balancing, SSL, TCP/IP, SQL, HTTP
•Proficiency with auditable source control, continuous integration and testing pipelines
•Experience with secure log management and log aggregation
•A proper understanding of holistic security
•IDS, App Sec, Network Sec, firewalls, pen testing, fuzzing, spoofing, repudiation DDoS, perimeter monitoring, formal policies, and human behavior
•Educated and continually learning about latest emerging threats and defenses
•Experience with large-scale security incidents and managing them, including communication with internal and external stakeholders, while maintaining clarity in a chaotic situation
•Experience working with stakeholders proactively on every facet, and the ability to compose thoughtful, understandable analysis that provides clear communication of what happened, reactive steps, and future proactive steps to ensure our customers that we genuinely take security seriously and doesn’t panic when in the hot seat of an ongoing incident.
•Know some of those hard problems that are unique to IoT ecosystems and has some ideas on approaches thought of already on how they would solve them
•Thinking outside of general scope, include human behavior

Preferred Qualifications:
•Expertise in web application security and the OWASP top 10
•Expertise in data store and processing security with PostgreSQL, Cassandra, Spark, and/or Storm
•Expertise with virtualization and container security
•Experience in privacy-preserving data mining, data quality, types of predictive models, etc. for identifying Advanced Persistent Threats (APTs) and detecting misuse