Lead Security Engineer (NYC or SF)
Databases are the beating heart of every business in the world.
Cockroach Labs is the team behind CockroachDB, an open source, distributed SQL database. We aim to build infrastructure that keeps pace with the world, so developers can focus on what matters most: building the best products. Join us on our mission to Make Data Easy. Are you ready to aim high and build to last?
About the Role
Cockroach Labs is looking for a passionate and experienced individual to lead our cloud security efforts. This is a hands-on and multi-functional role where you’ll be working with different teams across the company on a variety of projects related to security. The position is a mix of hands-on technical work, improving the internal security of our Cockroach Cloud (CockroachDB as a service) product offering, and working with our database engineering team.
In this role, you’ll have an opportunity to make a significant impact, establishing the culture and practices for security engineering in the development of our hosted database infrastructure and database software at Cockroach Labs.
- Work closely with the Cockroach Cloud team (CockroachDB as a Service)
- Provide security review of application architecture and cloud configuration
- Identify and own projects to improve the overall security of Cockroach Cloud
- Act as a subject matter expert on cloud security and application security best practices
- Evangelize and advance the state of security practices within the engineering team
- Guide engineering leaders on security-related matters
- Develop processes to integrate security review into the software development process
- Facilitate security engineering for CockroachDB
- Review software architecture for security-related features
- Work with backend engineers to triage security issues in the codebase
- Respond to security events and lead security investigations and mitigation
- Significant previous experience (5+ years) in an information security role
- 2+ years of experience in a software development role (bash/python or similar) OR in a production operations role
- 1+ years of hands-on experience with AWS or GCP
- Deep understanding of networking concepts and cloud security best practices
- Expert knowledge of application security and common application security issues such as OWASP Top 10
- Familiarity with Linux
In your first 30 days, you will become an integrated member of our engineering team. You’ll become familiar with our production systems, software development workflow, and cloud and application architecture for Cockroach Cloud. We believe that it's essential for you to take this first month to become familiar with our technology and our company.
After your first month, you will initially focus your efforts with the Cockroach Cloud team to identify vulnerabilities in the Cockroach Cloud configuration and work with the SRE team to develop and implement solutions. Also, you will develop and execute a plan to conduct an internal vulnerability assessment for Cockroach Cloud in preparation for an external security audit.
By your third month, you will understand the product roadmap for security features in CockroachDB. You will create a plan for addressing top security risks across engineering and the rest of the company, and start to implement necessary changes. At this time, you will be recognized across the company as the primary engineering point of contact for ongoing security compliance efforts.
Peter Mattis - Co-founder & Chief Technology Officer
Peter works on a bit of everything, from low-level optimization of code to refining the overall design. He was thrust into file systems early in his career at Inktomi and then learned the true meaning of scalability while working on and Colossus at Google. Before stepping into the office in the morning he will have nursed his CrossFit addiction and dealt with the chaos of a three kid morning routine. You can set your watch by his daily departure at 4:30 pm to have dinner with his family.
Reporting to Ken Liu - Engineering Manager
Ken Liu is an experienced engineering leader, having managed engineering teams at several high-growth startups in NYC over the past 5 years. Prior, he worked in various industries as a software engineer including Novartis Pharmaceuticals, IEEE, and BMW. In his free time, he spends most of his energy keeping up with his two kids but occasionally likes to relive the 90s by rollerblading.
- 100% health insurance coverage (for you and your dependents!)
- Paid parental leave (with baby bucks)
- Flex Fridays
- Flexible time off & flexible hours
- Education reimbursement
- Relocation support
Cockroach Labs is proud to be an Equal Opportunity Employer building a diverse and inclusive workforce. If you need additional accommodations to feel comfortable during your interview process, please email us at [email protected]