Senior Security Engineer, Streamlit Community Cloud [Snowflake ❄️]

Jobs
1

:handshake: Company

Snowflake :snowflake:

:briefcase: Title

Senior Security Engineer, Streamlit Community Cloud

:round_pushpin: Location

San Mateo, California (USA) – apply here
Bellevue, Washington (USA) – apply here

:building_construction: Job Description

RESPONSIBILITIES :

  • Support scalable product security reviews by building developer-friendly processes and tools
  • Design, plan, and execute projects which identify security requirements, promote the use of secure defaults, and verify the security of implementations
  • Perform security code review, vulnerability impact analysis, and recommend effective risk mitigations
  • Deploy and manage security automation tools, including SAST, DAST, and SCA, to catch security bugs early and provide actionable feedback to developers
  • Consult with development teams to provide: design reviews, risk assessments, prioritized security requirements, and support during implementation
  • Plan and scope pen tests, review findings, provide guidance to the team on mitigation plans
  • Work with stakeholders to develop platform abuse detection, prevention and response plans
  • Onboard projects to Snowflake bug bounty program and assist with triage and remediation of vulnerability reports

MINIMUM QUALIFICATIONS :

  • 5+ years experience deploying services on public cloud infrastructure
  • Expert understanding of software security architecture and design, threat modeling, code review, SDLC best practices, and mitigations for common application security issues
  • Fluency in one or more programming or scripting languages: Java, Python, C++, Go, TypeScript
  • Experience deploying and customizing security tools to detect threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, endpoint security monitoring, etc.
  • Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
  • Demonstrated ability to collaborate with other teams to achieve complex objectives

PREFERRED QUALIFICATIONS :

  • 7+ years experience working in an information security discipline
  • Prior experience working in a high growth, cloud native technology company
  • Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
  • Familiar with linux fundamentals such as namespaces, cgroups, processes, filesystem etc.
  • Applied cryptography experience including: symmetric/asymmetric encryption, hashing, HMAC, TLS PKI, etc.
  • Ability to write SQL queries and build dashboards, metrics, and reports to drive security outcomes
  • Experience using CI/CD pipelines to perform automated security testing
  • Have read and are capable of implementing ideas from “Site Reliability Engineering”, “Building Secure & Reliable Systems”, or “Engineering Trustworthy Systems”
  • Contributions to the security community, such as open source tools, research papers, conference talks, etc.