This role will directly report to the Head of Technology Operations in UBX.
This role requires a hands-on security engineer with expertise and passion in solving difficult security problems in distributed, multi-tenant services and infrastructure using container-native technologies such as Docker, Kubernetes, and other technologies in the CNCF family.
As a Security Engineer you will be working closely with software engineers from the various cloud service teams to build a secure container-native architecture that is fundamentally sound and efficient. Your influence over the design of the full system architecture is critical. You should be familiar with security at all levels of the software, hardware, and network stack; while being exceptionally deep in a few. Intellectual curiosity and an excitement for the challenges of securing complex, massive systems is a must. You should value simplicity and usability as well as security and work comfortably in a collaborative, agile environment.
Success on this role will be measured based on customer feedback and the following metrics:
- Increased customer activity, loyalty and satisfaction
- High system capacity, availability and redundancy
- System resilience on cyber-attacks and threats
- Bachelor’s degree in computer science or information technology or any relevant experience
- 5+ years of experience in security engineering
- A hacker’s mindset and ability to assess risks
- Strong security experience in container- and cloud-native software
- Experience in working in a large cloud or internet software company is preferred
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent organizational, verbal and written communication skills
- Ability to succeed through collaboration and working through internal and external organizations and individuals
- Strong analytical, interpersonal, problem solving and presentation skills
- Knowledge of common web vulnerabilities (OWASP Top 10, for example), how to test for them and how to remediate them
- Experience protecting against and mitigating real world attacks (DDoS, XSS, session-hijacking, SQL injection, CSRF, etc.)
- Knowledge of mobile platform security architectures
- Experience with security automation and/or DevSecOps
- Experience with embedded device security (bonus)
- Experience with Bitcoin & Blockchain (bonus)
- Background in applied cryptography (bonus)