Senior Cloud Security Engineer - San Francisco, CA, United States - StockX

Description

StockX

Buy and sell the hottest sneakers including Adidas Yeezy and Retro Jordans, Supreme streetwear, trading cards, collectibles, designer handbags and luxury watches.

View company page

Help empower our global customers to connect to culture through their passions.

Why you'll love this role

This hands-on security engineering position will be part of StockX's Information Security Cloud & Application Engineering team. This team is responsible for leading efforts to enhance the security of the cloud infrastructure and applications all across StockX. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. They provide ongoing engineering support for security systems in our cloud native environment. This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

What you'll do

• Partner with the Platform Engineering and IT teams to design, implement, and manage security measures for our AWS & Azure cloud infrastructure.
• Collaborate with cross-functional teams to automate and expedite integration of security best practices into the entire development lifecycle, from design to deployment.
• Use available tooling to assess risks and vulnerabilities and implement strategies to mitigate and remediate identified security risks.
• Automate enforcement security of policies and related controls for AWS cloud services and data protection.
• Monitor and respond to security incidents, conduct investigations, and implement incident response procedures as needed with confidentiality and professionalism.
• Design and implement identity and access management (IAM) solutions for secure access control.
• Partner with other teams to ensure IAM controls are part of a defense in depth strategy
• Ensure the continuing operation and effectiveness of key identity and access management controls
• Stay abreast of the latest cloud security trends, threats, and vulnerabilities, and implement proactive measures to address emerging risks.
• Possess knowledge of reliable and low-touch infrastructure using technologies such as Terraform, Kubernetes, and Docker supported by other engineering teams.
• Provide mentorship and guidance to junior members of the security team.
• Ability to quickly analyze logs and configurations using; Python, JQ, cURL, etc.
• Integrate application security tooling within the existing CI/CD environment to improve application security.

About you

• 4-7 years of relevant security experience.
• Bachelor's degree preferred but not required.
• Cyber security certifications preferred e.g. CISSP, CISM, Security +, AWS Security
• Strong experience with cloud native environments and with multiple cloud services providers
• Experience with scripting across multiple cloud providers and infrastructure APIs to analyze security posture and configurations.
• Detailed understanding of cloud and network security
• Experience reading other engineer's code across a number of languages to identify security issues.
• Understanding of modern cloud technology components and deployment patterns: containers, Kubernetes, serverless, infrastructure as code, etc.
• Experience with OAuth/SAML techniques and OIDC
• Deep understanding of Identity & Access Management security controls and tooling
• Strong understanding of securing distributed cloud and on-premesis networks using security groups, network ACLs, VPNs, and WAFs among other technologies
• Strong understanding of security monitoring tools for cloud environments such as CSPM, CASB, cloud audit logs such as AWS Cloudtrail, etc
• Strong understanding of application security tools such as Snyk, Sonarcloud, Dependabot or Renovate, GitGuardian, etc
• Technical understanding of how threats like Spam, Phishing, DDoS Attacks, Brute Force Attacks, SQL Injections, XSS are executed and how to protect against them across an organization.

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the various pay transparency laws/acts, the base salary range is $140,000 to $160,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses . Compensation is dependent on geography and may vary.

Help empower our global customers to connect to culture through their passions.

Why you'll love this role

This hands-on security engineering position will be part of StockX's Information Security Cloud & Application Engineering team. This team is responsible for leading efforts to enhance the security of the cloud infrastructure and applications all across StockX. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. They provide ongoing engineering support for security systems in our cloud native environment. This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

What you'll do

• Partner with the Platform Engineering and IT teams to design, implement, and manage security measures for our AWS & Azure cloud infrastructure.
• Collaborate with cross-functional teams to automate and expedite integration of security best practices into the entire development lifecycle, from design to deployment.
• Use available tooling to assess risks and vulnerabilities and implement strategies to mitigate and remediate identified security risks.
• Automate enforcement security of policies and related controls for AWS cloud services and data protection.
• Monitor and respond to security incidents, conduct investigations, and implement incident response procedures as needed with confidentiality and professionalism.
• Design and implement identity and access management (IAM) solutions for secure access control.
• Partner with other teams to ensure IAM controls are part of a defense in depth strategy
• Ensure the continuing operation and effectiveness of key identity and access management controls
• Stay abreast of the latest cloud security trends, threats, and vulnerabilities, and implement proactive measures to address emerging risks.
• Possess knowledge of reliable and low-touch infrastructure using technologies such as Terraform, Kubernetes, and Docker supported by other engineering teams.
• Provide mentorship and guidance to junior members of the security team.
• Ability to quickly analyze logs and configurations using; Python, JQ, cURL, etc.
• Integrate application security tooling within the existing CI/CD environment to improve application security.

About you

• 4-7 years of relevant security experience.
• Bachelor's degree preferred but not required.
• Cyber security certifications preferred e.g. CISSP, CISM, Security +, AWS Security
• Strong experience with cloud native environments and with multiple cloud services providers
• Experience with scripting across multiple cloud providers and infrastructure APIs to analyze security posture and configurations.
• Detailed understanding of cloud and network security
• Experience reading other engineer's code across a number of languages to identify security issues.
• Understanding of modern cloud technology components and deployment patterns: containers, Kubernetes, serverless, infrastructure as code, etc.
• Experience with OAuth/SAML techniques and OIDC
• Deep understanding of Identity & Access Management security controls and tooling
• Strong understanding of securing distributed cloud and on-premesis networks using security groups, network ACLs, VPNs, and WAFs among other technologies
• Strong understanding of security monitoring tools for cloud environments such as CSPM, CASB, cloud audit logs such as AWS Cloudtrail, etc
• Strong understanding of application security tools such as Snyk, Sonarcloud, Dependabot or Renovate, GitGuardian, etc
• Technical understanding of how threats like Spam, Phishing, DDoS Attacks, Brute Force Attacks, SQL Injections, XSS are executed and how to protect against them across an organization.

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the various pay transparency laws/acts, the base salary range is $140,000 to $160,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses . Compensation is dependent on geography and may vary.

About Us StockX is proud to be a Detroit-based technology leader focused on the large and growing online market for sneakers, apparel, accessories, electronics, collectibles, trading cards, and more. StockX's powerful platform connects buyers and sellers of high-demand consumer goods from around the world using dynamic pricing mechanics. This approach affords access and market visibility powered by real-time data that empowers buyers and sellers to determine and transact based on market value. The StockX platform features hundreds of brands across verticals including Jordan Brand, adidas, Nike, Supreme, BAPE, Off-White, Louis Vuitton, Gucci; collectibles from artists including KAWS and Takashi Murakami; and electronics from industry-leading manufacturers Sony, Microsoft, Nvidia, and Apple. Launched in 2016, StockX employs more than 1,000 people across offices and verification centers around the world. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr