Responsibilities
- Support “shift left” security by implementing third-party tools and building scripts that bring modern security best practices into self-service tooling
- Work with engineering stakeholders to securely design products and fix security issues
- Create workflows and processes for the intake, triage, and resolution of security issues
- Execute proactive threat modeling and implement measures to strengthen the preventative controls of cloud infrastructure
- Work with both internal and external stakeholders to fix known vulnerabilities
- Coordinate our response procedures during active product security incidents
- Empower engineers by conducting regular developer security training
- Bring enthusiasm for working at a fast-paced startup
Requirements
- Solid understanding of the most common web application security risks as listed by the CWE Top 25 and OWASP Top 10
- DevSecOps and pipeline security implementation experience (SAST/SCA/DAST/etc.)
- Microservice architecture experience, including K8s and Docker
- Hands-on application security experience (pentesting, bug bounties, etc.)
- Ability to perform root cause analysis on past security incidents to recommend improvements
- Proficiency in at least one programming or scripting language, such as Go, Java, Python, JavaScript, or Ruby
- Practical knowledge of AWS cloud services and structure
- English language fluency
Nice to haves
These aren’t required, but be sure to mention them in your application if you have them.
- Business-level or higher proficiency in Japanese and/or Chinese
- Program Management or Data Science experience
- Strong knowledge of the AWS suite of security-related services with a certification as an AWS Security Specialist
- Experience with the operation of cloud-based infrastructure and API security using services such as AWS EC2 security groups, AWS Web Application Firewall, or AWS Shield
- Past work experience with cloud-based security services like AWS Security Hub, Amazon GuardDuty, Amazon Inspector, Amazon Detective, or AWS Config
- Skills in infrastructure-as-code technologies, such as Terraform or CloudFormation
- Exploit development, Red Team, or reverse engineering experience