【Job Board】Senior Cloud Security Engineer

bluetata
领域专家: 云计算技术领域
2023-02-16 14:51:25

THE TEAM

The team is comprised of our Defensive and Offensive Engineering teams alongside our Information Security Officers, whilst our CISO leads the operation. Our security team interact with the product and platform engineering teams across the company to promote best practices and awareness. They’re continually baking security into our culture, utilising new technologies and open-source tools to ensure high standards of security are maintained.

THE ROLE

We are expanding the Security Engineering team extensively, meaning that there are many skill-sets and experiences required. Your place within the team will depend on your individual strengths and interests, to give you an idea of some of the areas that of expertise we are looking for, here are some of the key projects/ workloads our team take on:

  • Creating a Secure Software Development Lifecycle (SSDLC)
  • Securing our cloud-native (AWS, GCP and Azure) distributed system architecture
  • Creating security tools and implementing them to enhance our specific security landscape
  • Advocating the DevSecOps mindset that we have created across our engineering teams

THE TECH

  • Infrastructure: AWS, GCP, Azure, Kubernetes (this will increase as we go cloud-agnostic)
  • Platform: CockroachDB, EKS, GKE, PostgresDB, Vault, Consul, Linkerd, Cilium, NATS
  • Tools: Terraform, Github, Flux, Prometheus, Pact.io, TFSec, Travis CI
  • Code: Go, (a little Java), CQRS, Open-Source, Python (Security tools)
  • Ways of working: DevSecOps, GitOps, TDD/BDD, Pair Programming, 100% Remote

WHAT WE NEED FROM YOU AND WHY

  • Experience in securing SDLCs, conducting SAST and DAST testing, threat modelling, code analysis and incident management. Our engineering teams are constantly developing new products that are added to our singular API gateway so the CI/CD pipeline must be secure by design.
  • Ability to create, deliver and enhance security of cloud-native distributed systems (we use AWS and GCP at present with Terraform as our Iac tool), following the best practices and implementing security controls post assessment. We are also looking to become cloud-agnostic meaning there will be opportunity for you to showcase your abilities across other cloud platforms.
  • Strong programming skills, we are flexible on languages, we use Go as our main language for production so a willingness or interest to learn Go is fundamental. In security we write our own scripts for automation in Python, Go and other languages while contributing to open-source tools so we can utilise them.
  • Familiarity with containerisation and microservices architecture security concepts is also crucial to being successful in this role.
  • Willingness to be part of the on-call rota.

DESIRABLES AND YOUR SPECIALISMS

SDLC Based:

  • 3+ Years of expertise in Kubernetes, securing clusters and meshes (Cilium is preferable), networking best practices and RBAC implementation (CKA, CKS qualifications are a plus)
  • Experience in hardening Linux OSs
  • +3 Years of container security knowledge including container image provenance (Sigstore and Notary as examples) with an in-depth knowledge of container runtimes/ Docker and the security controls and best practice that surround microservice architectures
  • Involvement in DevSecOps operations within Agile environments on to CI/CD pipelines (Travis CI and Flux are our tools) with the ability to choose the right tool to fit purpose
  • Hands on work within agile DevOps environments that follow the DevSecOps best practices, where you expressed the ability to choose the right tool to fit purpose
  • CI/CD pipeline (Travis CI and Flux are our tools) security management

Wider Security:

  • Hands on experience taking your company through any of the following ISO27001, ISAE3000, SOC2/1, GDPR, PCI-DSS
  • Previous experience in developing security road maps and architectures alongside Security Architects in cloud-native or hybrid-infrastructures including network security (AWS solutions architect or GCP professional cloud architect are a plus)
  • Previous experience in network security, preferably in hybrid infrastructure based environments, you will have managed, switches, network segmentation, ports and firewalls across the entire OSI model.

Personal Interests:

  • Keen interest in new and emerging threats, vulnerabilities and adversary advancements coupled with the ability to present these to the wider team
  • Active contributor to open-source projects and passion for developing internal tools (our engineers were some of the main contributors for TFSec)
  • Additional Qualifications (nice to have but not necessary): OSCP, CASE, CCSP, AWS Security Specialist or GCP Professional Cloud Security Engineer
...全文
707 回复 打赏 收藏 转发到动态 举报
写回复
用AI写文章
回复
切换为时间正序
请发表友善的回复…
发表回复
源码链接: https://pan.quark.cn/s/a4b39357ea24 在本研究中,我们将详细研究如何借助Python执行数据可视化,旨在剖析2018年期间中国四个主要城市——北京、上海、广州以及深圳的空气质量状况。通过绘制反映空气质量指数(AQI)与细颗粒物(PM2.5)变化趋势的图表,我们能够深入理解这些大都市全年的空气环境质量,并明确评估其优良天气所占的比重。 我们必须首先进行数据准备工作。在当前提供的压缩文件内,名为"2018天气"的文件极有可能是数据来源,其中可能收录了涉及四个城市每日空气质量监测的详细信息。这些数据通常涵盖日期、城市名称、AQI数值、PM2.5含量等核心参数。在Python编程环境中,我们惯常运用pandas库来对这类结构化数据进行高效的处理和分析。 1. **数据导入与初步处理**: - 利用`pandas.read_csv()`方法来导入存储为CSV格式的数据资料。 - 数据整理:对数据中的空白项、非正常数值进行修正,保证数据的精确性。 - 调整日期字段的格式,确保其能够适用于时间序列分析的需求。 2. **数据深度分析**: - 针对每个城市的AQI和PM2.5数据执行统计性描述,例如计算平均值、中位数、标准偏差等指标。 - 确定空气质量良好天气的天数,即那些AQI值低于75(依据中国的空气质量评估标准)的日数。 3. **数据呈现**: - 运用matplotlib或seaborn工具绘制折线图,直观展示四个城市在2018年全年的AQI和PM2.5变化动态。 - 可通过采用不同的颜色方案和线条类型来区分不同城市的数据系列。 - 添加必要的图示元素,如日期坐标轴、城市名称标注、图表标题及图例说明,以提升图表的可读...

182

社区成员

发帖
与我相关
我的任务
社区描述
面向想学习云原生的朋友提供交流园地,社区管理员沐风晓月联合云原生方向的大牛一起打造。 本社区将长期面向社区进行组织技术交流活动。欢迎各位朋友加入云原生社区,本社区诚邀各位推广投稿。
云原生微服务linux 个人社区 北京·海淀区
社区管理员
  • 我是沐风晓月
  • bluetata
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告
暂无公告

试试用AI创作助手写篇文章吧