Cloud Security Engineer at CLEAR
CLEAR’s mission is to strengthen security and create frictionless experiences for consumers. We believe you are you and by using your biometrics - your fingerprints, eyes, and face - we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet or phone. Now in 60+ airports and other venues nationwide, you are your ID, credit card, ticket, reservation and more with CLEAR.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List and winner of the SXSW Interactive Innovation Award, we're working tirelessly to create frictionless customer experiences for our 4+ million members across the country.
The Cloud Security Engineer will be responsible for coordinating with all aspects of the company to assess, design, and implement various security processes and controls. You and your team will be responsible for reviewing and testing our new services before release, partnering closely with our infrastructure and development teams to produce innovative and secure solutions. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. Additionally, the right person has a strong track record of delivering high-quality security solutions in a hyper-growth environment where priorities shift quickly.
What You Will Do:
- Coordinate with all aspects of the company to assess, design, and implement various processes and controls of the company’s core cloud and infrastructure security and business continuity programs.
- Evaluate, designing, and deploying security tools to support: vulnerability/patch management, version/change management, advanced anti-malware, network IDS/IPS, security information and event monitoring systems.
- Lead threat modeling exercises of new and continuing to evolve technologies within our cloud and enterprise environments.
- Define security requirements and implement controls such as SSO, logging/alerting, and RBAC for 3rd party systems and technologies.
- Build automated tools and infrastructure for automating incident response and vulnerability remediation.
- Perform infrastructure as code reviews and risk assessment of NACLs, Security Groups, IAM, S3, KMS, and other core AWS infrastructure services don’t put the business in a risky state.
- Create clear and concise documentation to formalize security processes.
Who You Are:
- 2+ years of experience in security engineering experience with and 2+ years using cloud/PaaS technologies (AWS, GCP, Azure, Kubernetes).
- Strong understanding of firewall, intrusion detection and prevention, endpoint security, technologies.
- Operational knowledge of endpoint, systems, databases, orchestration/configuration as code technologies (e.g. Ansible, Puppet, Chef, Terraform), and network security engineering best practices.
- Solid problem solving and analytical skills; able to quickly digest issues encountered and recommend an appropriate solution.
- Experience in using scripting languages such as Python, BASH, or Go to automate tasks and manipulate data.
- Experience with AWS and SoA
- Experience with PCI and FedRAMP compliance
- Experience conducting third party assessments of vendors and SaaS apps
- Experience with securing mobile devices and applications