What we are looking for
We are seeking talented individuals who possess infinite curiosity. You'll partner with Crewscale to build groundbreaking technology. This is an incredible opportunity to make a meaningful impact.
- Proactively perform security assessments and reviews (threat models/code reviews/pentests).
- Work with software engineers to design the application security review process and controls across a range of technologies, including but not limited to Ruby on Rails, Elixir, and containerized applications
- Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities
- Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)
- Be responsible for identity and access management (IAM) for all users and roles in AWS
- Integrate security best practices into the SDLC process and the CI/CD pipeline
- Act as a technical leader for the security team and work with engineering teams to improve security practices
- Perform security monitoring and security event triage, and lead incident response, including taking steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened
- Perform security reviews of the architecture
- Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls
What we're looking for
- 4-6 years of experience in Application/Product Security preferably in SaaS
- 2-4 years of experience within Cloud Security in AWS
- Strong understanding of AWS IAM, least-privilege access, security groups, VPCs, and web application security best practices
- Pentesting, threat modeling, and architecture review experience
- Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.
- Experience leading incident response plans and working with a SIEM tool for log analysis (e.g. Sumo Logic, Splunk, etc.) is a must
- Working knowledge of the OWASP Top 10 security risks and remediation techniques
- Previous programming experience in languages such as Python, Ruby, or Elixir
- Experience with operating systems and hardening (Linux, OS X, and Windows) a plus
- Knowledge of container security such as Docker and Kubernetes a plus
- Certifications such as CISSP, GSEC, CEH or CISM highly desired
- Agile, humble, trustworthy, and a team player