Senior Security Engineer, Streamlit Community Cloud
- Support scalable product security reviews by building developer-friendly processes and tools
- Design, plan, and execute projects which identify security requirements, promote the use of secure defaults, and verify the security of implementations
- Perform security code review and vulnerability impact analysis, and recommend effective risk mitigations
- Deploy and manage security automation tools, including SAST, DAST, and SCA, to catch security bugs early and provide actionable feedback to developers
- Consult with development teams to provide design reviews, risk assessments, prioritized security requirements, and support during implementation
- Plan and scope pen tests, review findings, and provide guidance to the team on mitigation plans
- Work with stakeholders to develop platform abuse detection, prevention and response plans
- Onboard projects to the Snowflake bug bounty program and assist with triage and remediation of vulnerability reports
MINIMUM QUALIFICATIONS:
- 5+ years experience deploying services on public cloud infrastructure
- Expert understanding of software security architecture and design, threat modeling, code review, SDLC best practices, and mitigations for common application security issues
- Fluency in one or more programming or scripting languages: Java, Python, C++, Go, TypeScript
- Experience deploying and customizing security tools to detect threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, endpoint security monitoring, etc.
- Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
- Demonstrated ability to collaborate with other teams to achieve complex objectives
PREFERRED QUALIFICATIONS:
- 7+ years experience working in an information security discipline
- Prior experience working in a high growth, cloud native technology company
- Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
- Familiarity with Linux fundamentals such as namespaces, cgroups, processes, filesystems, etc.
- Applied cryptography experience including: symmetric/asymmetric encryption, hashing, HMAC, TLS PKI, etc.
- Ability to write SQL queries and build dashboards, metrics, and reports to drive security outcomes
- Experience using CI/CD pipelines to perform automated security testing
- Have read and are capable of implementing ideas from “Site Reliability Engineering”, “Building Secure & Reliable Systems”, or “Engineering Trustworthy Systems”
- Contributions to the security community, such as open source tools, research papers, conference talks, etc.