CircleCI is hiring a Senior Security Engineer to join our growing Security Operations team.
Security Operations is responsible for preventing, detecting, and monitoring for threats to CircleCI. This includes (not limited to) detecting and preventing distributed denial-of-service (DDoS), fight phishing attempts, vulnerability management, enforce auditing controls, and writing new services and tools to meet these needs. Daily tasks may include writing Terraform to make infrastructure changes, doing service reviews, gathering evidence for compliance, and examining logs.
What You’ll Do
- Ensure services built and maintained by CircleCI meet SOC2, FedRAMP, and similar compliance needs
- Deploy and monitor security tooling which includes SIEMs, IDS/IPS, logging, and services built/maintained by the team
- Build automation using languages like Go to assist with capturing compliance-related auditing needs
- Partner with our Product, Legal, Infrastructure, and Security Engineering
- Vulnerability management across software repositories and deployed services is kept up-to-date
- Access control management for engineering (non-IT) services, including periodic audits for access
- Participate in shared on-call rotation
We’re seeking someone who thrives in a collaborative environment, naturally curious and interested in learning, has strong communication and collaboration skills, and helps others grow by sharing their expertise and encouragement. You have strong opinions on project design that is based on experience.
- 3+ years security experience, preferably in similar role (examples include SecOps, SRE)
- 2+ years infrastructure experience, can be concurrent with security experience
- Knowledge of compliance frameworks, such as NIST
- Established and proven experience with Go. Work or significant experience with Java, Clojure, Python, or other languages are acceptable with ability to learn Go.
- Strong analytic and troubleshooting skills..
- Comfortable working synchronously, asynchronously, and in distributed remote teams.
- Experience using IDS/IPS systems, including those that enforce host and
- Comfortable interacting with SQL and NoSQL systems such as PostgreSQL and MongoDB.
- Infrastructure operations experience working with Docker, Kubernetes, Terraform, Helm, AWS, and GPC.
- Experience with implementing security tooling into SDLC and/or build pipeline
- Someone who is calm in high pressure situations
We strive to provide an outstanding security posture for our infrastructure and ultimately, our customers. We believe excellent security and compliance is a competitive differentiator. Thus we are generally unwilling to put up gates or slow down developer flow. Constraints drive creativity. If there is hard work required to make the right things the easy things, we're wiling to seek it out.
CircleCI Engineering Competency Matrix:
The Engineering Competency Matrix is our internal career growth system for engineers. This position is level P4. If you’re not sure this is you, we encourage you to apply. Find more about the matrix in this blog post.
Engineering at CircleCI is Remote-First
Being remote-first, we foster a culture that is inclusive of remote workers while allowing everyone to be the most productive. Read more about our remote-first culture here.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools that processes more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.
CircleCI is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.