Cloud Security Engineer - AWS

Role at a Glance
We are seeking a Cloud Security Engineer who has rich technical experience securing a hybrid cloud environment. Our Cloud Security Engineer will lead a collaborative effort between SecOps and DevOps teams to integrate tools, processes and technology to meet the collective goals of keeping Plastiq secure while reducing risk, sustaining product delivery velocity and improving business agility.
 
Why this Role is Awesome
This is a chance for you to work as part of the team that will lead the journey to the cloud for the next generation of Plastiq’s platform applications and services. Enable our platform’s transformation by developing and implementing SecOps tools, automation and processes to more rapidly as well as reliably build and deliver secure software services to our customers.
 
The position is ideal for a self-starter and quick learner that enjoys working in fast-paced, open and collaborative work environments.  If you are a passionate security engineer that believes deeply in infrastructure as code and automation that enjoys contributing to best of breed technologies, you may have found a great home with Plastiq.
 
You get to be responsible for keeping our existing infrastructure secure using the latest security related technologies and cutting-edge practices.
 
Responsibilities
  • Security engineering and automation activities to solve complex problems associated with running large scale, multi-tenant, production environments.
  • Evaluate architectural designs and perform security reviews with Engineering teams.
  • Provide guidance on security solutions and best practices to internal teams.
  • Introduce and maintain information security tools inclusive of event management, IAM, detective controls, data and infrastructure protection, monitoring and other specific cloud security solutions and tools.
  • Follow DevOps principles in implementing security controls in the cloud infrastructure.
  • Utilize existing monitoring infrastructure to collect actionable security signals and automate remediation.
  • Implement proactive monitoring, alerting, trend analysis and self-healing systems.
  • Participate in incident resolution processes to drive restoration and remediate service-impacting issues.
  • Solve problems relating to mission critical services and build automation to prevent problem recurrence.
  • Incident management: perform security analysis and investigations of incidents involving the cloud components.
  • Support compliance activities for frameworks like SOC1/2 and PCI-DSS
  • Implement an infrastructure and controls supporting PCI-DSS Level 1 compliance and lead regular audits of our environment in conjunction with a PCI-DSS QSA.
  • Perform penetration testing, code reviews, and design/architecture reviews.
  • Evangelize cloud security best practices and design.
 
Required Skills
  • Bachelor's degree in Computer Science or equivalent
  • 5+ years of experience in Security Engineering, DevOps or IT Operations roles, strong familiarity with the principles of DevOps and Agile development.
  • 2+ years of hands-on experience securing cloud applications and infrastructure (AWS strongly preferred).
  • 5+ years of Linux experience
  • 5+ years experience with hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats and more
  • Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.) is a strong plus.
  • Advanced knowledge of AWS cloud networking,VPCs, VGWs, VPNs, DNS, Direct Connect, Transit Gateway.
  • Experience building and securing infrastructure as code using CloudFormation, Ansible, SAM and/or similar tools.
  • Understanding of software development lifecycle models as well as the approaches to implement the AWS Well-Architected Framework.
  • Understanding of the shared responsibility model in AWS.
  • Fluency with one or more scripting/coding languages (e.g. bash, Python).
  • Experience implementing and leveraging the logging and monitoring solutions is a plus.
 
Desired Skills
  • Experience with Orchestration tools such as Terraform or Cloudformation.
  • Experience leveraging Configuration Management Tools, such as Ansible, Puppet or Chef for hardening images, servers and containers.
  • Experience with security containers and orchestration (Docker Swarm, Kubernetes, Mesosphere, AWS ECS/EKS).
  • Experience with securing serverless architecture design, implementation and deployment.
  • Experience with integrating SecOps into the CI/CD tool chain (Jenkins, CodePipeline, CodeBuild, CodeDeploy, Bamboo, CircleCI).
  • OWASP Member is a Plus.
  • Relevant security and AWS certifications are a plus but not required.

A little bit about us

To learn more about our team and how we operate, see our Engineering Blog. To learn more about our culture, visit https://www.keyvalues.com/plastiq.

Plastiq is billpay with benefits.

Everyday payments have become second nature: we swipe a card, tap a button, or press submit. But many of our most important bills — a child's care or tuition, critical business expenses, or taxes and rent — haven't caught up. Billions of checks are still written today. Wire transfers can be confusing. Payments are slow, late, or even unaccounted for.

We set out to pursue these challenges.

Our mission? To make bill payment simple and seamless. Plastiq lets you pay bills in the way that works best for you. We hope you love the service. 

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Want to apply later?

Type your email address below to receive a reminder

Apply to Job

ErrorRequired field
ErrorRequired field
ErrorRequired field
Error
Error
insert_drive_file
insert_drive_file