Have you ever looked at the end product and thought “This would have been so much more secure if they’d just made this one change in the design?” Do you wish you could influence the design of a product while still getting your hands dirty on the operations side? Great, we’ve got the position for you!
Cloudera is looking for security professionals with expertise in multiple domains to join a unique blended team. Bringing both security operations knowledge and application security know-how, you and our highly collaborative team will play a crucial role in the design of Cloudera’s products and ensure the security of the Cloudera Data Platform (CDP) Public Cloud environment. In this role, you will be part of our Application Security (AppSec) and Security Operations (SecOps) team. This team is charged with maintaining the operational security of our production systems while also working as a critical part of our product development process: reviewing designs and advising product teams to drive change at the design stage of the development lifecycle, which makes our lives easier at the production stage.
Our goal is to build a cycle of improvement that involves discovering and addressing design issues using a highly automated SecOps process and looping those findings back into our product team’s design process, reducing issues in future generations of our products.
We’re looking for individuals who want to change how security is done at either end of the product roadmap. You have the opportunity to teach and learn from Kubernetes trailblazers, and help blaze new paths for those following behind you.
Work closely with Site Reliability Engineering (SRE) teams to continually monitor and maintain the security of production cloud systems.
Partner with product teams to review new products and features, develop threat models and perform risk assessments.
Mentor security advocates who are embedded in software development teams to understand security principles and best practices.
Develop, refine, and drive adoption of security best practices.
Influence decision-makers and stakeholders to continually raise the bar for security.
Develop and deliver security training and outreach to internal development teams.
Work collaboratively with the compliance and platform security teams to improve processes and drive changes back into the product design stage for the next new product or feature.
Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership.
Knowledge & Skills:
Experience performing security reviews, developing and reviewing threat models and performing risk assessments against complicated IT systems
Experience with AWS, Azure, and Google Cloud network and security best practices
Experience partnering closely with high-velocity engineering teams
Ability to communicate complicated security concepts with both technical and non-technical audiences
Ability to lead through influence within a secure development life-cycle for multiple products and technologies, meeting customer expectations for security
Demonstrated ability to listen to others' diverse points of view and work together to find the best solution
Demonstrated experience working in a situation where you need to balance business needs with security risks
Deep understanding of networking principles and how network architecture interacts with security (standard networking stack, TLS, IPsec, HTTP, DNS, etc.)
Deep understanding of cryptography, web service frameworks, and service architectures (such as event-driven, service-oriented, or serverless architectures)
In-depth knowledge of standard attacks and countermeasures
Deep understanding of Kubernetes operations and security
Moderate to advanced Linux knowledge
Experience conducting security assessments, including penetration testing
Experience with one or more programming languages (such as Java, C++, Ruby, Python, Perl) for the purpose of code review
Experience with Terraform, Unix shell scripting, HashiCorp Vault, etc.
Knowledge of standard Security Operations Center (SOC) tools
Security certifications (CISSP, CISA, etc.) an asset but not required
Familiarity with Cloudera’s products or other distributed computing systems a strong bonus, or a willingness to dig into our products to truly understand how they work