DevSecOps Engineer, Portworx

BE PART OF BUILDING THE FUTURE.

What do NASA and emerging space companies have in common with COVID vaccine R&D teams or with Roblox and the Metaverse? 

The answer is data, -- all fast moving, fast growing industries rely on data for a competitive edge in their industries. And the most advanced companies are realizing the full data advantage by partnering with Pure Storage. Pure’s vision is to redefine the storage experience and empower innovators by simplifying how people consume and interact with data. With 9,000 customers including 50% of the Fortune 500, we’ve only scratched the surface of our ambitions. 

Pure is blazing trails and setting records:

• For eight straight years, Gartner has named Pure a leader in the Magic Quadrant 
• Our customer-first culture and unwavering commitment to innovation have earned us a certified Net Promoter Score in the top 1% of B2B companies globally
• Industry analysts and press applaud Pure’s leadership across these dimensions
• And, our 4,000+ employees are emboldened to make Pure a faster, stronger, smarter company as we go

If you, like us, say “bring it on” to exciting challenges that change the world, we have endless opportunities where you can make your mark.

SHOULD YOU ACCEPT THIS CHALLENGE...

As a Devsecops Engineer, you will be responsible for testing and hardening the security of our Portworx product line. You will participate in design and requirement discussions to heavily influence the future direction of the product portfolio. Your work will involve collaborating with our highly skilled development and product management teams. 

As an experienced engineer, our team will look to you to test the limits of how our products interact. You are willing to dig into what does and does not work, then provide detailed responses and solutions. This is a highly visible opportunity to own the creation of automation solutions and tools while working with others to contribute to the technology choices of the organization with a cloud focus.

WHAT YOU’LL BE DOING...

• Championing end-end security while exploring different security and compliance standards our products must meet;
• Be the secure development lifecycle advocate for the Portworx group at Pure;
• Conduct  threat modeling for Portworx products, educate teams on security best practices, and ensure the teams are following Pure's security policies and standards;
• Proactively identify risks and threats, analyze possible effects of threats on Products and Services;
• Provide secure design consultation where the system architecture needs to be reviewed and help team(s) to design, develop and deploy a secured architecture;
• Work with different teams for remediation of security vulnerabilities;
• Developing and executing test plans and test cases with a security first approach;
• Contribute to the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions;
• Build up and maintain capabilities to support privacy requirements for sensitive data;
• Implement, own, monitor and report on compliance with security policies (such as SOC2 and HIPPA), as well as the enforcement of policies;
• Testing Portworx products with various security solutions, based on the our customer’s environments and use cases;
• Performing functional and system testing of Portworx products, focusing on security;
• Assisting in analysis of test data, identify non-conformance trends, generate concise executive summaries, and recommend design improvements;
• Developing in-depth system and product knowledge.

WHAT YOU’LL NEED TO BRING TO THIS ROLE...

• Extensive experience with Kubernetes security, securing production infrastructure and cloud based security;
• Strong skills in Kubernetes-based security testing and knowledge of best practices;
• Experience testing storage and network security products, preferably with firewalls and intrusion prevention;
• Knowledge of encryption and tunneling protocol test methods;
• Good understanding of security software implementations and communication (SSL/TLS, HTTPS, PKI, Firewall, etc.);
• Experience with common security scanning tools such as DTR, Twistlock, SonarQube, Snyk;
• Development experience in one of the following languages: Python or Go;
• Experience leading an operations organization of some form (SecOps, DevSecOPs, DevOps);
• Experience with security laws and frameworks such as SOC2, ISO 27001, HIPAA, HITRUST, FedRAMP, PCI-DSS, and others;
• CNCF Kubernetes security certification is a plus;
• Start-up or fast-growing company experience is a plus.

BE YOU—CORPORATE CLONES NEED NOT APPLY.

Pure is where you ask big questions, think differently, and make an impact. This is not just a job, but a place where you have a voice and can accelerate your career. We value unique thoughts and celebrate individuality, and with ample opportunity to learn, develop yourself, and expand into different roles, joining Pure is an investment in your career journey.

Through our Pure Equality program, which supports a flourishing field of employee resource groups, we nourish the personal and professional lives of our team members. And our Pure Good Foundation gives back to local and global communities through volunteering and grants.

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events.

PURE IS COMMITTED TO EQUALITY.

Research shows that in order to apply for a job, women feel they need to meet 100% of the criteria while men usually apply after meeting about 60%. Regardless of how you identify, if you believe you can do the job and are a good match, we encourage you to apply.

Pure is proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other characteristic legally protected by the laws of the jurisdiction in which you are being considered for hire. 

If you need assistance or an accommodation due to a disability, you may contact us at TA-Ops@purestorage.com.

APPLICANT & CANDIDATE PERSONAL INFORMATION PRIVACY NOTICE.

If you're wondering how or why Pure collects or uses information you provide, we invite you to check out our Applicant & Candidate Personal Information Protection Notice.

DEEMED EXPORT LICENSE NOTICE.

Some positions may require a deemed export license for compliance with applicable laws and regulations. Please note: Pure does not currently sponsor deemed export license applications so we are unable to proceed with applicants requiring stated sponsorship.

PURE’S COMPLIANCE WITH THE U.S. GOVERNMENT COVID-19 MANDATE

In accordance with Pure’s policies, current and anticipated federal regulations, and our ongoing commitment to prioritizing the health and well-being of our employees, partners, and customers, and the community at large, where permitted by law, all Pure employees and contractors working in the United States are expected to be fully vaccinated against COVID-19 prior to your start date. Should you require an exemption for medical or religious reasons, you must initiate Pure’s exemption request process which will determine if an exemption can be granted in accordance with applicable local, state, and/or federal law.