Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cloud Security Operations
Company Tehama
Location Canada - WFH
Preferred GIAC Certifications GIAC certifications
Travel 5%
Salary Not provided
URL Not provided
Contact Name Navika Dutta
Contact Email dutta/at/tehama.io
Expires 2021-09-02

Job Description

Title: Cloud Security Operations



Reporting to: Director, Security & Compliance (https://www.linkedin.com/in/chuck-thibert-7b95763?originalSubdomain=ca)



Location: Remote/Home based position within North America



Who are we:



Tehama is the fastest, simplest, and most flexible approach to delivering secure and integrated digital end-user computing (EUC) available today. Our service delivery platform enables organizations to easily onboard, manage, and scale their distributed workforce, by providing “ready to work” integrated and secured EUC environments with controlled access and monitoring—connecting new workers in minutes, not months. The result is decreased time to value, decreased operational costs, and a flexible work model that lets you move at the speed of today’s world.



What we're looking for:



Tehama is seeking a strong Cloud Security Engineer to drive continuous improvement to our information assurance posture using code to scale security solutions across the product. Tehama is a SOC-2 certified product which means a strong security posture is required.



This individual will have a passion for securing innovative products that scale. The Cloud Security Engineer will interact with stakeholders across all technical teams including Development, Operations, Compliance, and Product Management.



Your principal responsibilities will include:



Work with other teams to identify, resolve, and mitigate vulnerabilities in their systems
Evaluating or creating new technologies and services in order to solve complex security issues
Perform design reviews and risk assessments for new applications integrating with core services
Write software to detect, remediate, and enforce security standards in AWS
Propose, design, and build new systems and processes
Create and maintain documentation for new and existing processes and deployments
Provide tuning recommendations of security tools based on the analysis of empirical data
Guide product engineering teams to adopt security standards directly in our software and development lifecycle
Perform analysis of log files and data outputs and perform triage of incoming issues using a ticketing & tracking system
Produce and review daily and weekly metrics for security events
Stay up-to-date with trends in the information security community including new vulnerabilities, methodologies, and products


Required Knowledge/Skills/Abilities:



Cloud: Worked with AWS, understands VPC, Security Groups, EC2, S3,...(or equivalent cloud)
Bachelor’s of Science degree in Computer Science, Engineering, Computer Security, Information Systems, or related field, OR comparable level of professional experience
Experience with technologies from at least one public cloud (AWS, GCP, Azure)
Experience with open source technologies like Git, Terraform, and Docker
Experience in at least one programming language (Java, Python or Go)
Run penetration testing, produce reports, and participate in code reviews, design discussions, etc.
Experience mentoring junior engineers
Knowledge of attack vectors (malware, web application, social engineering, etc) and attack surfaces (ports, firewalls, incoming data processing, interfaces, etc.)
Experience with open source technologies and environments
Automation and scripting experience in Python or similar
Hands-on experience with Linux, AWS, and network fundamentals


Preferred Additional Knowledge/Skills/Abilities:



Strong competencies in data structures, algorithms, and software design
Experience adopting security practices across an enterprise
Experience with container orchestration and service mesh technologies like Kubernetes, Envoy, and Consul
Professional Security certifications: GIAC certifications, OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), or comparable


What do you get in return @Tehama:



Competitive Total Rewards package, including Stock Options, Self-Directed Professional Development budget, Health & Wellness budget & 30 days of Flexible Paid Time Off (see more details on our digitally powered Employee Experience & Total Rewards @ https://tehama.io/careers/)
Build a product that will enable the remote future of work & collaborate digitally with the industry’s top minds!
Team socials every Friday & Monthly Town Halls to bring our global teams together


Disclaimer



For this job, an equivalent combination of education and experience, which results in demonstrated ability to apply skills will also be considered
Tehama is an equal opportunity employer and welcomes applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.
All applicants will need to fulfill the requirements necessary to obtain a background check
No Recruitment Agencies, please