Job Description / Skills Required
CloudPassage is looking for a principal security and compliance researcher to join our engineering team. You will be the thought leader who designs new security initiatives that feed our industry-leading cloud security platform used by customers to analyze security posture. You will leverage your security and compliance expertise, scripting and programming talent with written communications skills to create world-class security solution. You should be a self-starter focused on quality and efficiency.
What You Will Be Doing
As a principal researcher for security and compliance research, you will guide the research engineering to focus on known threats, analyze disclosed vulnerabilities, develop mitigation/remediation guidance for those threats in view of CloudPassage products and tools.
Investigate all things security for containers including Docker, Kubernetes, Mesos, Google Container Engine and others
Investigate security for cloud services including AWS EC2, S3, IAM, RDS, Azure, RackSpace, and others.
Use your system hardening, forensic, threat intelligence and attack behavior knowledge to correlate events and create rules that feed our platform and enable the customer to identify actionable intelligence.
Work closely with other engineering teams to drive technical requirements to help build intelligence into our products and backend systems.
Leveraging your development, security and compliance expertise to inform customers about current and potential security threats providing actionable data that can be used to drive mitigation efforts.
What you need for this position
Minimum Qualifications: 5+ years of total experience
Must have a BS or MS in Computer Science, Computer Engineering or related technical discipline
Strong scripting and programming experience with Python and Java. Ability to learn new languages quickly.
Experience working with Security Operations Centers (SOC), CERT, etc and utilizing Threat Intelligence platforms
Experience with Forensics and Incident Response
Extensive experience with STIX, OPENIOC, CIS, and related threat intelligence sharing formats
You have hands on experience with information security technologies and key concepts (such as Vulnerability Management, OVAL, CVE etc.)
Experience conducting threat research focused on nation state and generic malware actors
Have a strong understanding of actor TTP's, abilities and kill chains
Has innovative ideas and demonstrates confidence to promote, share and implement ideas into actionable outcomes
Experience in an Incident response role is a plus
Experience working with machine learning, large data sets and databases a plus
Must be passionate about security, with a drive to stay current and appraised of the ever changing cyber security industry
Hands-on and be willing to jump in
Strong verbal and written communication skills
Excellent problem-solving skills
Ability to adapt quickly to changing priorities and industry focus
At CloudPassage, we are all about making cloud computing more secure and agile for leading global enterprise companies by resolving the number one inhibitor to cloud adoption: security. This challenge requires smart, passionate, and creative people.
We invented agile security for modern infrastructure. Our platform protects the most critical business assets. Staying in front of the cloud security landscape is a huge challenge that requires expertise, creativity, hard work and intense collaboration.
Leading enterprises like Citrix, Salesforce.com, and Adobe use CloudPassage to enhance their security and compliance posture while remaining agile. Headquartered in San Francisco, CA, CloudPassage is backed by Benchmark Capital, Lightspeed Venture Partners, Meritech Capital Partners, Tenaya Capital, Shasta Ventures, Musea Ventures and other leading investors.
Top Reasons to Work With Us:
CloudPassage is a growing, well-funded company that is making a difference
At the bleeding edge of security and technology
There are a lot of smart people to work with!
Great pay, benefits, and stock options
Rapid career advancement (plenty of opportunities to take on additional responsibility with a fast growing company!)
Opportunity to work with some of the biggest names for customers
Opportunity to make an impact on customer's security issues
Opportunity to work with “the best security tool” in the industry
We get stuff done!