Senior Security Engineer - Product Security

📋 Description

• • As a Senior Security Engineer specializing in Product Security at Cloudera, you will be at the forefront of building and enhancing a robust security platform that is intrinsically woven into every stage of the software and infrastructure lifecycle. This pivotal role offers the opportunity to lead the charge in adopting advanced DevSecOps practices, significantly influencing product design from its nascent stages, and hands-on implementation of sophisticated, highly automated security tooling designed for both multi-cloud and on-premises environments.
• • You will join a unique, highly collaborative blended team, bringing a wealth of expertise in both security platform development and application security. Your contributions will be instrumental in constructing the foundational security platform that supports all of Cloudera’s innovative products.
• • Your primary responsibility will be as a core member of the Product Security (ProdSec) Platform team. This involves the engineering, deployment, maintenance, and operationalization of our internal security platform. The goal is to provide self-service tools that empower product teams to build and deploy their solutions securely by default, embedding security seamlessly into their workflows.
• • You will operate as a critical component of our product security development process, driving essential changes at the design phase through automated governance mechanisms. Furthermore, you will provide expert consultation on how to effectively leverage the platform's extensive capabilities.
• • Our overarching objective is to "shift security left," meaning we aim to integrate security considerations much earlier in the development lifecycle. This is achieved by building a mature, highly automated platform that significantly reduces security-related toil for both developers and security staff. By automating routine security tasks, we enable these teams to dedicate more time to innovation while ensuring that security is a fundamental aspect of every design.
• • You will play an instrumental role in identifying product security pain points and devising scalable, platform-based solutions to address them. This proactive approach fosters a continuous cycle of improvement across our entire product portfolio, ensuring Cloudera remains at the cutting edge of secure software development.
• • We are seeking individuals who are driven to redefine how security is delivered within a high-velocity engineering organization. This role provides a unique opportunity to both teach and learn from Kubernetes trailblazers, contributing to the development of new best practices and paving the way for future advancements.
• • Key responsibilities include designing, developing, and deploying self-service security tools and services that form the backbone of our internal security platform. You will take the lead on complex security projects, encompassing end-to-end ownership of tool development and the creation of novel security capabilities within the platform.
• • A significant part of your role will involve automating and integrating critical security controls directly into CI/CD pipelines. This includes implementing and managing tools for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), and more, ensuring security checks are performed automatically throughout the development process.
• • You will lead the architecture and deployment of secure multi-cloud environments across AWS, Azure, and GCP. This will involve extensive use of Infrastructure as Code (IaC) principles and tools such as Terraform and Ansible to ensure consistent, secure, and repeatable deployments.
• • Performing thorough security architecture reviews for new products and features will be essential. This includes developing comprehensive threat models and providing guidance on security-as-code best practices to development teams.
• • Close collaboration with the Site Reliability Engineering (SRE) team is crucial for embedding and maintaining automated monitoring and security visibility within our production systems, ensuring proactive threat detection and rapid response.
• • You will also work closely with internal security teams to ensure alignment with compliance requirements, support incident response efforts, and uphold operational security standards.
• • Developing, refining, and driving the adoption of security engineering best practices and organizational standards will be a key focus, ensuring a consistent and high level of security across all engineering efforts.
• • Evangelizing the use of our security platform tooling and delivering impactful DevSecOps training and outreach programs to internal development and engineering teams will be vital for fostering a security-conscious culture.
• • Finally, you will have the opportunity to mentor junior members of the Security team and security advocates, sharing your expertise in advanced DevSecOps principles, platform engineering, and secure coding practices.