Sr. Security Engineer
Join our expanding team of security experts in our mission to become an elite security team dealing with 2021’s problems. Bring your creativity and passion for sec-ops or sec-eng in a meaningful way to have real impact in the future of millions of people's experience and interaction with work by experimenting with the latest in cyberspace.
If you are the kind of person who thrives in a challenging environment with creative expertise and a thirst for pushing the limits, we are interested in you!
Our Engineers get to work with the most progressive technologies in the business. We utilize Docker containers, k8s, Node.js, Go, microservices, and more. Our infrastructure leverages orchestrated containers, spans a CI/CD pipeline, is all IaC, and in the cloud.
Being at the bleeding edge of innovation comes with its own security challenges that books have not covered yet. If an exploit in the news drives you to find the write up or paper that explains how it worked, you’re sick of waiting for your company to “get around” to patching vulnerabilities, and you want to help build a secure foundation for our platform engineers, give us a call.
If you like to sweat the details of how to recover a system from scratch, have experience in release management, worry about deploying certificates correctly, and want to own the management of security tools and infrastructure, this is your chance.
At Lifion, we are building a culture of rigorous code review and formal application security design, that lets us catch vulnerabilities during development and not after. You should be familiar with the OWASP top ten, and be able to speak to them to bring Platform Engineers up to speed.Preferred Qualifications
Deep knowledge of secure application design, specifically a familiarity with authentication, authorization and secret management flows
Proficiency with commonly used cryptographic tools, APIs, and best practices (e.g. tink, openssl and so forth)
Be able to drive a security issue from discovery to resolution, working with teams to get them over the finish line.
Experience with Penetration testing and red/blue teaming
Single sign on management in the cloud, especially LDAP/OAuth/AD or similar
Comfortable with popular IDS, IPS, or SIEMs
Experience with VPCs, security group monitoring/auditing and similar
Knowledge of Continuous Integration & Delivery methodologies
Be familiar with auditable deploys and practices
Have experience with infrastructure as code and versioned releases
Experience with Multi-AZ or Multi-Region deployments
Creating threat-models and risk assessments