Cloud Security Engineer (m/f/x)

This is us in a nutshell:

• We are singularly focused on providing all the tools and building blocks our customers need to deliver outstanding online shopping experiences and innovation across all digital touchpoints.
• In 2013 we introduced a modular, API-first cloud-native commerce platform, pioneering the headless commerce space and enabling us to build the foundation to change our whole industry for the better and re-invent ecommerce.
• Our international expansion has reached Europe, the US and Asia Pacific. In September 2021, we announced our $140m series C funding round led by global tech investor Accel, alongside existing investors Insight Partners and REWE Group, which has accelerated our global growth and elevated us to unicorn status. We are now valued at $1.9bn, named a Leader in the 2021 Gartner® Magic Quadrant™ for Digital Commerce for the second year in a row.

The Opportunity:

We are looking for a security specialist experienced with all layers of our tech stack, from IaaS / PaaS over APIs to single-page web applications. If you are a seasoned product security expert and want to work with a team that is committed to security, this job is for you. This is a hands-on role where you need to dig into all layers , linux, cloud and code, to ensure security. We love e-commerce and that comes with a need to secure PII data and build high scalability applications. To enable this we are putting security first at all layers. We are looking forward to your contribution to our product!

Please note that for this role, we can currently offer full-remote work for candidates based in the European Union and in the United Kingdom.

Your Mission:

• Introducing security by design flows and principles
• You code and implement security measures on all levels
• Running threat modeling workshops
• Conducting risk analysis for planned implementations
• Designing automated processes that ensure security in a CI/CD world
• Organizing or conducting security tests together with external companies
• Supporting the corporate security and legal team in audits
• Working with the security special interest group
• Make sure security topics are addressed in product roadmap planning

What you need to succeed:

• Experience with cloud infrastructure and cloud security
• Experience with Automated security principles like, DAST, SAST and IAST
• Previous experience in a technology/software oriented role in a technology company
• Solid experience in working with product teams on security
• Experience with penetration testing
• Sound knowledge of Linux systems, Kubernetes, API, and web application security
• Practical experience in DevSecOps, including Proficiency in at least one scripting language (javascript , go ..) 
• Security Certifications such as OSCP, Certified Kubernetes Security Specialist, or GCP security certification
• Good English writing/documentation skills
• Experience communicating with stakeholders (legal, c-level, engineering)
• Research new topics in a short period of time, to help teams with new technologies
• Be comfortable with agile development principles
• (Preferable) Good understanding of PCI requirements
• (Preferable) Experience with European and international privacy laws

Team Values:

Positivity. Negativity is the enemy of progress.

Trust & Transparency. Promote direct and continuous feedback.

Learning. Be proud if you’ve failed at something. Think big, start small, learn fast!

Tech at commercetools:

We Are Open Source And Innovative By Design

🚀 We make rapid progress by being early adopters of React, Scala, and GraphQL

📋 We share & contribute to the open source community: https://github.com/sangria-graphql

⚙️ We <3 Automation and Machine Learning

We care about your Growth and Well-being

☀️ Remote Work: Up to 60 days/year from a country different from your base country  

💻 Open Learning & Development Budget

📚 ct Academy: Regular internal training sessions

⌚️ Flexibility: Morning person or night owl? We believe in outcome and motivated employees

🚀 Mindset & Growth: A diverse, creative workspace with an international culture & learning environment

Are you ready? Come grow with us!

🔍 Are you looking for something else? Check out our Career Page and our Website for more information.

We are all different and that is what makes us stronger! We hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company better.

commercetools celebrates being a diverse environment and is proud to be an equal opportunities employer. If your professional profile aligns with our specific hiring requirements and company culture, then we encourage you to apply. We will assess your competencies, future potential, approach to learning and self-development and passion, and not your age, color, national origin, religion, gender, gender identity or expression, sexual orientation, familial status, genetics, or disability.