Security Engineer (2)
About The Position
Coralogix is hiring Security Engineers to join our growing Platform Engineering Group.
The core Coralogix log analytics software is deployed into a variety of non-production and production environments. As our customers depend on Coralogix to keep their logs private, these environments must be secure, reliable, consistent with each other, and be able to scale to meet the growing needs of the business. The Platform Engineering Group is responsible for the development, operations, and maintenance of these environments.
As a Security Engineer, you will help to improve our infrastructure’s security as Coralogix grows into a large company. As Security Engineers work under the umbrella of Platform Engineering, Security Engineers wear two hats - both that of security engineers, primarily responsible for improving security, as well as that of infrastructure engineers, understanding that improved security is ultimately implemented by building additional infrastructure.
- Prometheus / Grafana / PagerDuty
What You'll Do:
- Building security infrastructure by writing infrastructure as code (IaC)
- Working with R&D management, application engineers, and infrastructure engineers to identify vulnerabilities and help to prioritize patching
- Writing security documentation, including writing formal process documentation for internal and external stakeholders and writing answers to customer security questionnaires.
- Strong familiarity with hosting Linux servers for serving internal and/or Internet-facing applications, including configuration, security, and performance monitoring. You should understand why 777 is only lucky in Vegas.
- Strong familiarity with Linux containers and container infrastructure - the promises, the challenges, and the security implications.
- Strong familiarity with Kubernetes cluster administration, both in terms of best practices for anything that can be set or retrieved through `kubectl` as well as the installation and configuration of the cluster components on Linux servers.
- Strong familiarity with AWS IaaS offerings. You should be comfortable with every detail of EC2, S3, Route53, ACM, KMS, and IAM. Prior knowledge of CloudFront, RDS, and ElastiCache is a bonus. AWS’s higher-abstraction offerings are irrelevant for us, e.g. Lambda.
- Strong familiarity with the principles of computer and network security, including the following considerations: enforcing single sign-on, protecting cloud networks, enabling remote work, and common means of protecting data at rest and in transit (including PKI).
- Strong familiarity with VPC-level (i.e. Amazon Virtual Private Cloud / Azure Virtual Network / Google Virtual Private Cloud) networking, including the flexibility, performance, and security considerations involved in routing between different cloud networks. You should have a strong understanding of DNS, and be able to explain how domain delegation meets the needs of growing companies.
- Familiarity with the principles of setting up monitoring (including infrastructure-, application-, and security-related monitoring), alerting, and scalable on-call practices.
- Familiarity with version control and its uses for infrastructure and operations work.
- Familiarity with the principles of CI/CD pipelines, including familiarity with scripting languages for the purpose of regularly applying declarative IaC and configuration. Prior experience with software development is a bonus.
- For all of the above skills, you should have enough professional experience running production systems to have formed strong opinions and be reasonably well-informed about what is generally good-quality engineering and why. This is not a junior position.
- Prior experience with working in a regulated company, in a role that ensured that infrastructure meets all regulatory compliance requirements, is a bonus.
- Additionally, a qualified candidate will:
- Hold formal credentials that attest to the candidate’s knowledge of industry security practices. If the candidate holds academic credentials, they must be from an accredited institution of higher education of good repute. If the candidate holds technical certifications, they must be current (not expired).
- Have strong English reading and writing skills, including the ability to clearly explain and document in written form the work that they have performed.
- Be prepared to accept occasional on-call responsibility during nights and weekends, equitably distributed among teammates. Coralogix is an equal-opportunity employer and reasonable accommodations are made for religious employees such that religious employees are not asked to be on-call during religious holidays and other forbidden periods e.g. Shabbat.