Blockdaemon is looking for a talented Security Engineer who thrives on ambiguity and loves endless discovery. You will work with teams across the organization to identify, prioritize, and remediate vulnerabilities relevant to Blockdaemon’s infrastructure. You will build and maintain security tooling and services to support the expanding needs of our Security organization while using the widest array of technologies and working with bleeding edge applications.
- Assess, design, implement, automate, and document security solutions and processes for K8s, Public and Private Cloud environments, SaaS applications and other cloud platforms
- Implement and tune detection logic for threats specific to Blockdaemon
- Work closely with observability engineers to address any gaps in observability
- Work with platform engineers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built in application security controls
- Work on key areas to develop baseline cloud, container, and application security standards and integrate into the CI/CD pipeline
- Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements
- Implement "security as code" using cloud services Terraform, and CI/CD components
- Respond to and, when appropriate, resolve or escalate security incidents
- Develop and maintain documentation for security systems and procedures
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures
- Minimum 4 years of experience as a Security Engineer or equivalent working experience
- Significant technical experience in Cloud Computing technologies and automation
- Ability to break down complex problems and implement custom solutions or scripts beyond just basics to demonstrate thoroughness of problem solving and automated security
- Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes.
- Experience working with container technologies including Docker and Kubernetes
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
- Knowledge of network based, system level, and application layer attacks and mitigation methods
- Experience with or understanding of a broad range of security technologies including IDS/IPS, IAM, Certificate Management, etc.
- Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
- An understanding of identity federation, authentication, and authorization (SAML, OIDC, OAuth)
When applying, mention the word CANDYSHOP when applying to show you read the job post completely. This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human RMy4yMzguOTAuOTUM