Security Production Engineer
Posted Oct 26
PhishMe is seeking a mid to senior level Security Production Engineer. As a Security Production Engineer, you will play a critical role in effectively building, maintaining, and improving the security of our systems, platform, and infrastructure deployed in AWS and in on-premises security appliances. You will be responsible for the development and deployment of tools and processes for securely managing environments used by PhishMe Simulator, Triage, and other SaaS and Managed Service offerings. You will also work with other security-focused engineers, production engineers, and software engineers to manage traditional systems and network security tools such as web application firewalls, DDoS service, and HIDS while working to integrate security into dynamic cloud environments that leverage AWS services and Docker.
You will have the opportunity to influence and design current strategies and procedures for securing our environments. You will directly influence the configuration and deployment process of our application and create tools to improve our processes, monitoring, and application infrastructure, implementing a SecDevOps approach that is continuous, low-friction, and integrated into the deployment pipelines, where security cannot be a blocker.
This role will report to a Director of Production Engineering or the Vice President of Production Engineering.
This is a full-time position working for PhishMe, Inc. Outsourced or software development contractors will not be considered.
- Work across multiple production engineering and development teams to establish, enforce, and socialize security practices and procedures in the building of environments and deployment of code
- Implement, configure, and manage security tooling for hosts, applications, and cloud services
- Perform vulnerability identification and remediation including patch management for systems and networks
- Objectively assess risks based on the business criticality of system and data assets
- Manage and monitor AWS account security including best practices, security groups, user access
- Manage and configure security tooling such as web application firewalls, HIDS, and VPNs
- Manage user access, roles, and permissions to critical services
- Harden systems and cloud infrastructure according to industry best practices such as CIS
- Implement security controls to address compliance requirements such as SOC2, ISO, HIPAA, and GDPR
- Cross-team work with the various product offerings within PhishMe
- Provide support to Sales Engineering in developing responses to RFP/RFQs
The above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment, either express or implied. Employment with PhishMe will be voluntarily entered into and your employment is considered at will. PhishMe reserves the right to alter the job description at any time without notice.
Required Skills and Experience:
- Solid knowledge of enterprise security fundamentals and how they must be adapted to DevOps/cloud environments
- Ability to analyze security event and vulnerability findings from disparate sources (network, application, operating system, etc.) using a variety of manual and automated tools and processes
- Comfortable with a fast-moving development pace where security cannot be a blocker
- Knowledge of AWS Cloud Infrastructure (EC2, VPC, ELB, RDS) and security technology (security groups, CloudTrail, VPC Flow Logs, CloudWatch)
- Familiarity with automated configuration management such as Puppet, Chef, or Ansible
- Strong Linux (CentOS/Ubuntu) background with experience working in large AWS deployments
- A strong interest in the field of information security principles
Desired Skills and Experience:
- Past experience working as part of a distributed, remote-first team
- Docker CLI familiarity and knowledge of repositories and container management
- Experience managing and building virtual appliances.
- Python or Ruby development background.
- Experience automating tasks in AWS using CloudFormation or Terraform
- Experience automating AWS tasks with Lambda Functions
- Experience with non-AWS cloud providers such as Azure or GCE
- Familiarity with Jenkins, Git, Artifactory
- Experience with Signal Sciences, JumpCloud, Jenkins, OSSEC HIDS and Zscaler
- Competitive salary and incentive stock options
- 401k plan with company match
- Health, vision, dental, disability, and life insurance
- Telecom expense reimbursement
- Full-time Telecommute (The United States only)
PhishMe is committed to equal employment opportunity. We will not discriminate against employees or applicants for employment on any legally recognized basis [protected class] including, but not limited to: veteran status, uniform service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other protected class under federal, state, or local law.
Apply for this position
To apply for this position, please follow the link below: https://careers-phishme.icims.com/jobs/1415/security-production-engineer/job