Security engineer

What we are looking for

We are seeking talented individuals who possess infinite curiosity. You'll partner with Crewscale to build groundbreaking technology. This is an incredible opportunity to make a meaningful impact.

Responsibilities

  • Proactively perform security assessments and reviews (threat models/code reviews/pentests).
  • Work with software engineers to design the application security review process and controls across a range of technologies, including but not limited to Ruby on Rails, Elixir, and containerized applications
  • Own the vulnerability management program and perform regularly scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities
  • Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)
  • Be responsible for identity and access management (IAM) for all users and roles in AWS
  • Integrate security best practices into the SDLC process and the CI/CD pipeline
  • Act as a technical leader for the security team and work with engineering teams to improve security practices
  • Perform security monitoring and security event triage, and lead incident response, including taking steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened
  • Perform security reviews of the architecture
  • Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls

What we're looking for

  • 4-6 years of experience in Application/Product Security, preferably in SaaS
  • 2-4 years of experience within Cloud Security in AWS
  • Strong understanding of AWS IAM, least-privilege access, security groups, VPCs and web application security best practices
  • Pentesting, threat modeling, and architecture review experience
  • Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.
  • Experience leading incident response plans and working with a SIEM tool for log analysis (e.g. Sumo Logic, Splunk, etc.) a must
  • Working knowledge of the OWASP Top 10 security risks and remediation techniques
  • Previous programming experience in languages such as Python, Ruby, or Elixir
  • Experience with operating systems and hardening (Linux, OS X, and Windows) a plus
  • Knowledge of container security such as Docker and Kubernetes a plus
  • Certifications such as CISSP, GSEC, CEH or CISM highly desired
  • Agile, humble, trustworthy, and a team player
